Bind ADDC via LDAP TLS 1.2?

Posted: Fri Nov 27, 2020 2:37 am
by Avx055
Hello all,

This is my first post and I’d like to start it by thanking all the contributors. Information on the forum has helped me numerous times!

My head is about to explode with the following question: Is it possible to establish a bind to the QNAP ADDC on port 389 or 636 via LDAP and TLS 1.2?

I am using a TVS-882-i5 with Firmware and and have a self-signed certificate installed. I have activated the Domain Controller, which overall has done a decent job for a few years in the small network I operate. At present, I try to authenticate domain users in docker applications in container station, some of which require TLS 1.2 as a minimum.

I am puzzled that the above ports on the native ADDC work as a maximum with TLS 1.1 on my system. They also respond with an autogenerated samba-certificate rather than the self-signed certificate for my domain. On all other ports I have tried (Admin Interface, Web Server, even the native LDAP-server with ADDC disabled) I can connect with TLS 1.2 and the server responds with the self-signed certificate. The same is true on an older TS-459 Pro II, which does not have the ADDC functionality. When I reset the Domain Controller, it also only responds with TLS 1.1.

Can anyone help me with shedding some light on this behaviour? Is TLS 1.1 the highest version for ADDC LDAP? If not, how can it be changed?

Your answers will be much appreciated, cheers Avx055
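
One way to reproduce the check described in the post, as an added example that is not part of the original post: it pins a single TLS version per handshake on 636 (LDAPS) and on 389 after the LDAP StartTLS extended operation, and returns the negotiated version with the SHA-256 fingerprint of the served certificate so it can be compared with the installed one. The function names are assumptions made for this example, and the host is taken from the command line.

```python
import hashlib, socket, ssl, sys

# RFC 4511 StartTLS: LDAPMessage{ messageID 1, ExtendedRequest{ requestName OID } }
OID = b"1.3.6.1.4.1.1466.20037"
_name = b"\x80" + bytes([len(OID)]) + OID
_op = b"\x77" + bytes([len(_name)]) + _name
STARTTLS_REQUEST = b"\x30" + bytes([3 + len(_op)]) + b"\x02\x01\x01" + _op

def _tlv(buf, i):
    """Read one BER element at offset i (short or long length form)."""
    tag, n, i = buf[i], buf[i + 1], i + 2
    if n & 0x80:
        k = n & 0x7F
        n, i = int.from_bytes(buf[i:i + k], "big"), i + k
    return tag, buf[i:i + n], i + n

def starttls_result(resp):
    """Return the LDAP resultCode of an ExtendedResponse (0 = success)."""
    tag, msg, _ = _tlv(resp, 0)
    _, _, i = _tlv(msg, 0)                      # skip messageID
    op_tag, op, _ = _tlv(msg, i)
    rc_tag, rc, _ = _tlv(op, 0)
    if tag != 0x30 or op_tag != 0x78 or rc_tag != 0x0A:
        raise ValueError("not an LDAP ExtendedResponse")
    return int.from_bytes(rc, "big")

def probe(host, port, version, starttls=False, timeout=5.0):
    """Handshake with exactly one TLS version; return (version, cert SHA-256)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE             # diagnostic only: inspect whatever cert is served
    ctx.minimum_version = ctx.maximum_version = version
    with socket.create_connection((host, port), timeout=timeout) as raw:
        if starttls:                            # port 389 is plaintext until StartTLS succeeds
            raw.sendall(STARTTLS_REQUEST)
            if starttls_result(raw.recv(4096)) != 0:
                raise ConnectionError("server refused StartTLS")
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            return tls.version(), hashlib.sha256(der).hexdigest()

if __name__ == "__main__":                      # usage: python <this file> <host>
    for port, st in ((636, False), (389, True)):
        for v in (ssl.TLSVersion.TLSv1_1, ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3):
            try:
                print(port, v.name, *probe(sys.argv[1], port, v, starttls=st))
            except (OSError, ValueError, IndexError) as exc:
                print(port, v.name, "failed:", exc)
```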