premise: i must admit my great ignorance with windows ad, so please be patient, i promise i’ll study something
i’m trying to join ns7rc3 to an existing AD, for sure there is no ldaps.
my first problem, i didn’t have the Administrator password of AD, i have an account with admin privileges, but there is no way to join with it… it seems it always tries to join with the Administrator account… the only way was to use:
realm join "$(config get DomainName)" -U myAdminAccount
at the end after configuring also the ldap:// it seems to work, but i have:
i’ve tried the SIZELIMIT option in ldap.conf but without luck
and last but not least
when i create a new openvpn account (or assign a new share to a group), selecting system user, the list of users (or groups in the share) is not sorted… and it’s a real pain
sorry, i think it’s the hard-coded 1000 limit in ad, i can’t change it, but restricting LDAP Scope for User and Group Search seems to work. now i’m under 1000.
while searching for a solution i found these links, maybe they can be useful:
tnx! works great for me, it would be nice to re-test also with ldaps and the Administrator account, just to be sure, if someone @quality_team has some spare time. i will wait some time before marking it as verified
tnx! tested and marked as verified… now life is easier