I'm still in the process of trying to get LDAP working with our archiver. I'm working with a Barracuda engineer, but what he is saying and what my network and security engineers are saying differ, so I want to see what others think. Since we don't want our LDAP host server names exposed externally, I used a NAT'd IP address, and created an external DNS A record using that NATting, on port 636. I used that as my LDAP host name in the LDAP setup in the cloud archiver, and the LDAP test connection was failing out. Going insane, I tried everything I could think of, and finally realized that it seems to be some sort of timeout issue with the number of items LDAP is trying to sync. The reason I believe this is that when I set up the base DN using the top level (dn=domain,dn=com), the LDAP connection test fails out with "An unknown error occurred. Please try again." We CAN see the user account info passing through on the F5. But, as I add lower level (more local) OUs into the DN string, eventually I get "Successfully connected to ldap host". Also, when I look at the groups tab, I can see that my AD security groups are visible.
Here's the second issue. Even after a sync completes, I still cannot log in with an AD authenticated account, even one that I know is in the local OU level.
Anyone seen something like that, and have any clue what else I may need to confirm on our end?
I'm sure there's more info needed, so let me know what else I can provide.