As you said the main concerns are around the “remote AD” accounts provider.
- If the “remote AD” is also NethServer there is no issue and nothing changes because the LDAP connection is already ciphered (by default).
- If the “remote AD” is Microsoft there could be issues for those NethServer applications that require LDAP direct access: Nextcloud, Webtop, Roundcube, SOGo, ejabberd…
In the latter case the solution is simple: once the DC has been updated and configured to require LDAP over an encrypted channel, go to Server Manager and fix the accounts provider configuration to use ldaps:// instead of ldap:// (as an alternative, enable TLS).