Hi all!
I’ve spent a few hours this week trying to find a working configuration for an Active Directory LDAP backend.
Basically, only these two configuration directives need to differ from the documentation's example:
This will allow users to log in using their account name. No user@DOMAIN.com required, simply user will work.
If you want to enable SSL:
3269 is the Global Catalog LDAPS port. I prefer it over the non-GC port, 636, to avoid referrals. Use case may differ according to your own environment, especially if you have multiple domains within a forest.
ssl_trust_all_certs is necessary unless you prefer importing your Active Directory's domain root CA into the Java keystore.