Q&A: Which ucr variable for secure ad-connector connection via port 636

Question:

Which ucr variable do I have to set for a secure ad-connector connection via port 636?
What is wrong if I enabled 636 but the connection is not working anymore, even though the certificate is fine?

Answer:

The ucr variables for a secure ad-connection are a bit tricky; here is a list of working and not working combinations:

Working ucr variable combinations:

connector/ad/ldap/ldaps: true
connector/ad/ldap/port: 636
connector/ad/ldap/ssl: no
=============================
connector/ad/ldap/port: 389
connector/ad/ldap/ssl: no
=============================
connector/ad/ldap/ldaps: true
connector/ad/ldap/port: 636
connector/ad/ldap/ssl: yes

NOT working ucr variable combinations:

connector/ad/ldap/port: 636
connector/ad/ldap/ssl: yes

=============================
connector/ad/ldap/port: 636
connector/ad/ldap/ssl: no

=============================
connector/ad/ldap/ldaps: true
connector/ad/ldap/port: 389
connector/ad/ldap/ssl: no

See also Bug 56139