Certificate for ldap queries

I am trying to implement LDAP queries from my OPNsense router. For it to work it apparently needs TLS, as when trying without it, the log states:
opnsense: LDAP bind error [BindSimple: Transport encryption required.,Strong(er) authentication required].

Now, when configuring TLS, the appropriate certificate needs to be added to my router, as without it there is the following message:
opnsense: LDAP bind error [TLS: hostname does not match CN in peer certificate,Can’t contact LDAP server]

So my question is, which/where is the certificate the AD container in NethServer is using? I’d like to try importing it into my router and check if LDAP queries work that way.

https://wiki.nethserver.org/doku.php?id=guacamole#letsencrypt_cert

Does this portion help?

Thank you. Well, yes, it partially helps, as the question of which certificate/key to put in OPNsense was answered. But I still get:
opnsense: LDAP bind error [TLS: hostname does not match CN in peer certificate,Can’t contact LDAP server]

I suspect the reason is that the Let's Encrypt certificate does not include ad.ourdomain.com? I will recreate the certificate and test with that.

Edit to add: I added ad.ourdomain.com to my Let's Encrypt certificate. That way I got rid of the above error. Now I have to check the OPNsense settings, but the issue here seems to be solved. The remaining error message now reads:
opnsense: LDAP bind error [80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1,Invalid credentials]

Thanks for your fast reply. :slight_smile:

Edit to add: it works now. The correct settings are:

Benutzer-DN: cn=ldapservice,ou=Benutzer,dc=ad,dc=ourdomain,dc=com
PW: ldapservice PW
Suchbereich: Kompletter Unterbaum
Basis-DN: dc=ad,dc=ourdomain,dc=com
Auth. Container: ou=Benutzer,dc=ad,dc=ourdomain,dc=com
Erweiterte Abfrage: &(objectClass=Person)
Benutzerbenennungsattribut: sAMAccountName
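The "hostname does not match CN in peer certificate" error above comes from the TLS client comparing the name it connects to against the certificate's DNS subjectAltName entries. The following is an added example (not code from the thread, NethServer or OPNsense) that fetches an LDAPS server's certificate and reports whether it covers the bind hostname; port 636 and the host ad.ourdomain.com are assumptions, and the two certificate dicts are constructed to mirror the before/after situation in the thread.

```python
# Added example (not from the thread): check whether an LDAPS server's certificate
# covers the hostname a client such as the router will bind to. The port 636 is an
# assumption; the thread does not state which port OPNsense uses.
import socket
import ssl


def hostname_matches(hostname: str, cert: dict) -> bool:
    """True if a DNS subjectAltName covers hostname (CN is ignored, as modern
    TLS clients do); '*' matches exactly one leftmost label, case-insensitively."""
    host = hostname.rstrip(".").lower()
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        name = value.rstrip(".").lower()
        if name.startswith("*."):
            if host.endswith(name[1:]) and host.count(".") == name.count("."):
                return True
        elif name == host:
            return True
    return False


def probe_ldaps(hostname: str, port: int = 636, timeout: float = 5.0) -> dict:
    """Fetch the peer certificate and report whether a strict client would accept it.
    Hostname checking is disabled only so a mismatching cert can still be retrieved;
    the chain is still validated against the system trust store."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    with socket.create_connection((hostname, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return {"hostname": hostname, "sans": sans, "matches": hostname_matches(hostname, cert)}


# Constructed cert dicts in the shape ssl.SSLSocket.getpeercert() returns:
# a Let's Encrypt cert covering the web host only, and the same cert after
# ad.ourdomain.com was added as described in the thread.
WEB_ONLY_CERT = {"subjectAltName": (("DNS", "www.ourdomain.com"),)}
FIXED_CERT = {"subjectAltName": (("DNS", "www.ourdomain.com"), ("DNS", "ad.ourdomain.com"))}

if __name__ == "__main__":
    print(probe_ldaps("ad.ourdomain.com"))
```

Run it against the AD container's name before importing anything into the router: if `matches` is False, the certificate's SAN list, not the router configuration, is what needs fixing.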