We used to authenticate our JAMF users (as owners of iPad-devices) against an Active Directory on our local Windows Server 2016 for several years. The server accepts only SSL connections and uses a special user for ldap-requests by jamf (no anonymous connections). The connections are secured by "Let's Encrypt" wildcard certificates which are renewed at least every three months. After each renewal I had to re-enter the domain-name on the organization/preferences/synchronization tab.
This scenario worked fine since 2020. It works still fine for other services (e.g. our timetables by WebUntis, which authenticate via ldaps, too, and it's also used by our Nextcloud and by local scripts)
Since several weeks it does not work any more: When I enter either LDAP-Server or LDAP-Port, there is an error "Fehler beim Abrufen des LDAP-Zertifikats" (Error retrieving the LDAP certificate). These errors are listed in our server's log:
Event-ID 2085:
Internal event: An LDAP over Secure Sockets Layer (SSL) connection could not be established with a client.
Client network address:
18.194.106.10:20340
Protocol:
TCP
Additional Data
Error value:
2148074279 Beim Verarbeiten des Zertifikats ist ein unbekannter Fehler aufgetreten.
Internal ID:
c050878
Event-ID 1216:
Internal event: An LDAP client connection was closed because of an error.
Client IP:
18.194.106.10:20340
Additional Data
Error value:
3 Das System kann den angegebenen Pfad nicht finden.
Internal ID:
c060600
The support team tells me that our firewall could be misconfigured (but it performs NAT-translation on port 636 for any WAN address) or our LDAP server (he works well for any other services).
Any idea?
Regards
Joachim
