Validate connection using ldaps

Hello,
When I try to connect using ldaps:// on 389 or 363, I am not able to connect, even when I use ApacheDirectoryStudio, and even after adding the certificate to it I am still not able to do that.
So what is missing that I am not able to connect?

Info:

/usr/sbin/account-provider-test dump

{
"BindDN" : "cn=ldapservice,cn=users,dc=ad,dc=test,dc=loc",
"LdapURI" : "ldaps://nsdc-th.ad.test.loc",
"DiscoverDcType" : "ldapuri",
"StartTls" : "1",
"port" : 636,
"host" : "nsdc-th.ad.test.loc",
"isAD" : "1",
"isLdap" : "",
"UserDN" : "dc=ad,dc=test,dc=loc",
"GroupDN" : "dc=ad,dc=test,dc=loc",
"BindPassword" : "",
"BaseDN" : "dc=ad,dc=test,dc=loc",
"LdapUriDn" : "ldap:///dc%3Dad%2Cdc%3Dtest%2Cdc%3Dloc"
}
#########

net ads info

LDAP server: 192.168.100.45
LDAP server name: nsdc-th.ad.test.loc
Realm: AD.IH.LOC
Bind Path: dc=AD,dc=test,dc=LOC
LDAP port: 389
Server time: Tue, 11 Feb 2020 17:23:39 +03
KDC server: 192.168.100.45
Server time offset: 0
Last machine account password change: Thu, 09 Jan 2020 16:55:45 +03

config getprop sssd Realm

AD.test.LOC

Best Regards

Hi

Using the old GUI (Port 980), go to Accounts Provider, and grab this:

Use those for Auth…
An anonymous binding, like you seem to be trying, won’t work with NethServer AD.

:slight_smile:

My 2 cents

Andy

Thanks for the reply.
Actually, I'm using the info provided by NethServer AD, so yes, I used it, but no luck.
What's the difference between starttls encryption and ssl (ldaps) encryption?

AFAIK.
starttls: same port of LDAP, can manage/switch between encrypted and unencrypted connection
ldaps: different port than LDAP, only speaks TLS on that port.

I use LDAPAdmin (it connects even if you use a self signed cert) under Windows, here are my connection settings:

image

I have

"BindDN" : "ldapservice@AD.TEST.LOC"

but both should work AFAIK…
