realm discover/join on port 636

jsdumont
Posts: 5
Joined: 2017/06/16 15:22:17

realm discover/join on port 636

Post by jsdumont » 2017/11/14 15:08:06

Is there any way to use realmd to join Active Directory using LDAPS?

I'm in a secured environment and I can't use default port 389. I searched but didn't find anything.

jsdumont
Posts: 5
Joined: 2017/06/16 15:22:17

Re: realm discover/join on port 636

Post by jsdumont » 2017/11/14 16:04:48

realm discover -v XXX.local
* Resolving: _ldap._tcp.XXX.local
* Performing LDAP DSE lookup on: 10.X.X.X
! Can't contact LDAP server
* Performing LDAP DSE lookup on: 10.Y.Y.Y
! Can't contact LDAP server


csf is configured to allow communication with domain controllers.

telnet:

# telnet XXX.local 389
Trying 10.X.X.X...
telnet: connect to address 10.X.X.X: Connection refused
Trying 10.Y.Y.Y...
telnet: connect to address 10.Y.Y.Y: Connection refused
Trying 10.Z.Z.Z...
telnet: connect to address 10.Z.Z.Z: Connection refused

==================

# telnet XXX.local 636
Trying 10.X.X.X...
Connected to XXX.local.
Escape character is '^]'.

TrevorH
Site Admin
Posts: 33216
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: realm discover/join on port 636

Post by TrevorH » 2017/11/14 16:06:32

I'd be pretty sure that if it uses port 389 at all then it's using STARTTLS immediately to switch to encrypted traffic. Reading man sssd-ldap says "If you want to authenticate against an LDAP server either TLS/SSL or LDAPS is required. sssd does not support authentication over an unencrypted channel". I'd guess that you can find the info you want in that man page though.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

jsdumont
Posts: 5
Joined: 2017/06/16 15:22:17

Re: realm discover/join on port 636

Post by jsdumont » 2017/11/15 20:47:17

Indeed!

Thanks TrevorH
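
Added example, not written by any poster in this thread: a Python version of the telnet checks above that separates a refused port from a filtered one, asks port 389 for StartTLS using the RFC 4511 extended request, and completes a certificate-verified TLS handshake for LDAPS on 636. The function names, the result strings and the `cafile` parameter are this example's own.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"   # LDAPv3 StartTLS (RFC 4511)

def starttls_request():
    """BER-encode an ExtendedRequest for StartTLS with messageID 1."""
    name = b"\x80" + bytes([len(STARTTLS_OID)]) + STARTTLS_OID
    body = b"\x02\x01\x01" + b"\x77" + bytes([len(name)]) + name
    return b"\x30" + bytes([len(body)]) + body

def _tlv(buf, i):
    """Return (tag, value_offset, value_length) of the BER element at i."""
    tag, n, i = buf[i], buf[i + 1], i + 2
    if n & 0x80:                      # long-form length
        k = n & 0x7F
        n, i = int.from_bytes(buf[i:i + k], "big"), i + k
    return tag, i, n

def starttls_accepted(resp):
    """True if resp is an ExtendedResponse (0x78) with resultCode success."""
    try:
        _, i, _ = _tlv(resp, 0)             # LDAPMessage SEQUENCE
        _, i, n = _tlv(resp, i)             # messageID
        op, i, _ = _tlv(resp, i + n)        # protocolOp
        rc, j, m = _tlv(resp, i)            # resultCode ENUMERATED
        return op == 0x78 and rc == 0x0A and resp[j:j + m] == b"\x00"
    except IndexError:
        return False

def probe(host, port, ldaps=False, cafile=None, timeout=3.0):
    """Classify one port: refused, filtered, tls, tls-failed, starttls, no-starttls."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"              # the result telnet showed on 389
    except OSError:
        return "filtered"             # timeout, unreachable or unresolvable
    with sock:
        try:
            if ldaps:                 # LDAPS: TLS from the first byte, cert verified
                ctx = ssl.create_default_context(cafile=cafile)
                with ctx.wrap_socket(sock, server_hostname=host):
                    return "tls"
            sock.sendall(starttls_request())
            ok = starttls_accepted(sock.recv(4096))
            return "starttls" if ok else "no-starttls"
        except (ssl.SSLError, OSError):
            return "tls-failed" if ldaps else "no-starttls"
```

Call `probe(dc, 389)` and `probe(dc, 636, ldaps=True, cafile=...)` for each domain controller; pass the domain's CA certificate as `cafile` when it is not in the system trust store, otherwise a reachable LDAPS port reports `tls-failed`.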
