Validate connection using ldaps

When I try to connect using ldaps:// on 389 or 363, I am not able to connect, even when I use ApacheDirectoryStudio,
and after adding the certificate to it I am still not able to do that.
So what is missing that I am not able to connect?


/usr/sbin/account-provider-test dump

"BindDN" : "cn=ldapservice,cn=users,dc=ad,dc=test,dc=loc",
"LdapURI" : "ldaps://",
"DiscoverDcType" : "ldapuri",
"StartTls" : "1",
"port" : 636,
"host" : "",
"isAD" : "1",
"isLdap" : "",
"UserDN" : "dc=ad,dc=test,dc=loc",
"GroupDN" : "dc=ad,dc=test,dc=loc",
"BindPassword" : "",
"BaseDN" : "dc=ad,dc=test,dc=loc",
"LdapUriDn" : "ldap:///dc%3Dad%2Cdc%3Dtest%2Cdc%3Dloc"

net ads info

LDAP server:
LDAP server name:
Realm: AD.IH.LOC
Bind Path: dc=AD,dc=test,dc=LOC
LDAP port: 389
Server time: Tue, 11 Feb 2020 17:23:39 +03
KDC server:
Server time offset: 0
Last machine account password change: Thu, 09 Jan 2020 16:55:45 +03

config getprop sssd Realm


Best Regards


Using the old GUI (Port 980), go to Accounts Provider, and grab this:

Use those for Auth…
An anonymous binding, like you seem to be trying, won’t work with NethServer AD.


My 2 cents


Thanks for the reply, actually.
I'm using the info provided from NethServer AD, so yes, I used it, but no luck.
What's the difference between starttls encryption and ssl (ldaps) encryption?

starttls: same port of LDAP, can manage/switch between encrypted and unencrypted connection
ldaps: different port than LDAP, only speaks TLS connections on that port.

I use LDAPAdmin (it connects even if you use a self signed cert) under Windows, here are my connection settings:


I have

"BindDN" : "ldapservice@AD.TEST.LOC"

but both should work AFAIK…
