Yes, I created a user named “root” in the “Nethserver” OU with administrative permissions, and I still receive the notification. The curious thing is that even with the notification, “Nethserver” can authenticate users of the Windows domain. Only squid is not yet authenticating.
Sorry, but I can not understand. By default, do users created in AD already have read permission? When I create a user without administrative privileges, nethserver notifies you of “invalid credentials”, only with administrator permission that it registers in the AD but with the red “Insufficent access rights” notification.
Some applications like NextCloud, Roundcube, Webtop, ejabberd and Server Manager (until next update) require to access LDAP directly to read users and groups information. They cannot use the machine account credentials, like those based on PAM/NSS/SSSD (ie postfix, dovecot, samba…), so they require some other user credentials.
To join an AD domain administrative credentials are required. It is a one time action. Provided credentials are forgotten immediately and never used to browse LDAP.
Could you open a root shell and paste here the output of