Bind ADDC via LDAP TLS 1.2?

Questions about using Windows AD service.

Post by Avx055 » Fri Nov 27, 2020 2:37 am

Hello all,

This is my first post and I’d like to start it by thanking all the contributors. Information on the forum has helped me numerous times!

My head is about to explode with the following question: Is it possible to establish a bind to the QNAP ADDC on port 389 or 636 via LDAP and TLS 1.2?

I am using a TVS-882-i5 with Firmware 4.5.1.1495 and have a self-signed certificate installed. I have activated the Domain Controller, which overall has done a decent job for a few years in the small network I operate. At present, I try to authenticate domain users in docker applications in container station, some of which require TLS 1.2 as a minimum.

I am puzzled that the above ports on the native ADDC work as a maximum with TLS 1.1 on my system. They also respond with an autogenerated samba-certificate rather than the self-signed certificate for my domain. On all other ports I have tried (Admin Interface, Web Server, even the native LDAP-server with ADDC disabled) I can connect with TLS 1.2 and the server responds with the self-signed certificate. The same is true on an older TS-459 Pro II, which does not have the ADDC functionality. When I reset the Domain Controller, it also only responds with TLS 1.1.

Can anyone help me with shedding some light on this behaviour? Is TLS 1.1 the highest version for ADDC LDAP? If not, how can it be changed?

Your answers will be much appreciated, cheers Avx055
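One way to reproduce the observation in the post, per port and per TLS version, is the probe below. It is an added example, not part of the original post and not QNAP or Samba code. It tries TLS 1.1, 1.2 and 1.3 on port 636 (implicit TLS) and on port 389 (after an LDAP StartTLS request) and returns the negotiated version with the SHA-256 fingerprint of the certificate presented, which can be compared against the installed self-signed certificate. Assumptions: `nas.example.lan` is a placeholder for the ADDC address, Python's `ssl` module is backed by OpenSSL, and certificate verification is deliberately off because the goal is to read the certificate, not to trust it.

```python
import hashlib, socket, ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation (RFC 4511)

def starttls_request(msg_id=1):
    """BER-encoded LDAP ExtendedRequest asking the server to switch to TLS."""
    ext = b"\x80" + bytes([len(STARTTLS_OID)]) + STARTTLS_OID
    body = b"\x02\x01" + bytes([msg_id]) + b"\x77" + bytes([len(ext)]) + ext
    return b"\x30" + bytes([len(body)]) + body

def _tlv(buf, i):
    """Read one BER element at offset i: (tag, value, offset of next element)."""
    tag, n, i = buf[i], buf[i + 1], i + 2
    if n & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
    return tag, buf[i:i + n], i + n

def starttls_accepted(resp):
    """True if resp is an ExtendedResponse (tag 0x78) with resultCode success (0)."""
    try:
        tag, msg, _ = _tlv(resp, 0)      # LDAPMessage SEQUENCE
        _, _, j = _tlv(msg, 0)           # messageID
        op, body, _ = _tlv(msg, j)       # protocolOp
        rtag, rc, _ = _tlv(body, 0)      # resultCode ENUMERATED
    except IndexError:
        return False
    return (tag, op, rtag, rc) == (0x30, 0x78, 0x0A, b"\x00")

def probe(host, port, version, starttls=False, timeout=5):
    """Return (negotiated version, SHA-256 of server cert), or None if refused."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE         # diagnostic only: inspect the cert, don't trust it
    ctx.set_ciphers("DEFAULT:@SECLEVEL=0")  # else recent OpenSSL clients refuse TLS 1.1 themselves
    ctx.minimum_version = ctx.maximum_version = version  # pin exactly one version
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            if starttls:  # port 389: upgrade the plain LDAP connection first
                s.sendall(starttls_request())
                if not starttls_accepted(s.recv(4096)):
                    return None
            with ctx.wrap_socket(s) as t:
                return t.version(), hashlib.sha256(t.getpeercert(binary_form=True)).hexdigest()
    except OSError:  # covers ssl.SSLError, timeouts and refused connections
        return None

if __name__ == "__main__":  # "nas.example.lan" is a placeholder for the ADDC address
    for port, v in [(p, v) for p in (636, 389) for v in ("TLSv1_1", "TLSv1_2", "TLSv1_3")]:
        print(port, v, probe("nas.example.lan", port, ssl.TLSVersion[v], starttls=(port == 389)))
```

A `None` for TLSv1_2 next to a result for TLSv1_1 on the same port confirms the server-side ceiling; run it from a host whose OpenSSL still has TLS 1.1 compiled in, otherwise every TLS 1.1 row is `None` regardless of the server.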
