Dear community, Currently trying to reconfigure working ACS LDAP authentication to LDAPs but I believe something of importance may be missing in the guide (https://docs.cloudstack.apache.org/en/latest/adminguide/accounts.html#ldap-ssl). It says that if ldap.truststore and ldap.truststore.password are configured it will switch working to LDAPS but that is not the case. The logs confirm LDAP protocol is used when adding host after updating the config - "(logid:aafbef8a) initializing ldap with provider url: ldap://X.X.X.X:636"
Here are a few questions to round the issue: * API docs (LDAPCONFIG - https://cloudstack.apache.org/api/apidocs-4.15/apis/ldapConfig.html) mention the ability to enable SSL and bind certificate for an ldap host but there is no option to define the domain for the specific ldap configuration. * What if multiple domains are present and their configs use the same ldap server. Can the SSL of one domain ldap config be changed one at a time or is this based on ldap host level * ldap.truststore - is syntax something like /opt/CAROOT.crt going to work or it originates from a default directory? * ldap.truststore.password - what if the certificate is without password, is it going to work? Any example commands on how this can be done through cloudmonkey will be much appreciated! Best regards, Jordan