Nethserver AD can use TLS, yes. This will use port 636.
I have seen the NethServer installation procedure propose the exact same, but I really have no use for the AD on a subdomain. It overcomplicates the setup for no known-to-me reason. If it is best practice, I have missed a few things.
(It could probably be useful in a huge domain where you are not the single AD server in the domain (forest), like a departmental server)
I agree with you that would be cool, but still we didn’t find a simple solution which could work on all scenarios
wrong directory (missing private directory)?
then what is the correct path?