While the following steps can help you configure secure LDAP (LDAPS) for a Microsoft Entra Domain Services managed domain, it is highly recommended that you refer to the official documentation for detailed guidance throughout the process:
https://learn.microsoft.com/en-us/entra/identity/domain-services/tutorial-configure-ldaps
1. Verify LDAPS Configuration in Azure
Ensure the following in Azure AD DS:
- LDAPS is enabled (Azure AD DS → Properties → Secure LDAP).
- SSL certificate:
  - Uses the `*.company.domain` wildcard domain
  - Is valid, trusted, and not expired
  - Matches the secure LDAP configuration
- Password for the `.pfx` is correct (validate format and export settings if needed)
2. Get LDAPS Endpoint Info
From Azure AD DS:
- Domain Name: `company.domain`
- LDAPS Server: e.g., `ldaps.company.domain` or the internal IP/FQDN of the Azure AD DS DC
- Port: `636`
- Base DN: e.g., `DC=company,DC=domain`
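The certificate checks in step 1 (trusted chain, not expired, name covers the endpoint from step 2) can be confirmed from any machine with network access before touching the Myota (bZw) settings. The script below is an added example, not Myota or Microsoft code: it performs a verified TLS handshake to the LDAPS port with the Python standard library, equivalent to what `openssl s_client` would show, and splits the name and expiry checks into pure helpers that also run offline. The host name, port and the sample certificate dictionary are assumptions and constructed data taken from the values on this page.

```python
"""Probe an LDAPS endpoint and assess its certificate (added example)."""
import json
import socket
import ssl
from datetime import datetime, timedelta, timezone

LDAPS_HOST = "ldaps.company.domain"   # assumed endpoint name from step 2
LDAPS_PORT = 636

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "*.company.domain"),),),
    "subjectAltName": (("DNS", "*.company.domain"),),
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}


def wildcard_matches(hostname, pattern):
    """Match a DNS name against a certificate name.

    As in RFC 6125, '*' is only honoured as the whole leftmost label, so
    '*.company.domain' covers 'ldaps.company.domain' but not
    'company.domain' or 'dc1.sub.company.domain'.
    """
    host_labels = hostname.lower().rstrip(".").split(".")
    pat_labels = pattern.lower().rstrip(".").split(".")
    if len(host_labels) != len(pat_labels):
        return False
    if pat_labels[0] == "*":
        return host_labels[1:] == pat_labels[1:]
    return host_labels == pat_labels


def cert_covers_host(cert, hostname):
    """True if a DNS subjectAltName (or, for SAN-less certs, the CN) covers hostname."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:  # legacy certificate without SAN: fall back to the subject CN
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(wildcard_matches(hostname, n) for n in names)


def days_until_expiry(cert, now=None):
    """Days remaining before notAfter; negative means the certificate has expired."""
    now = now or datetime.now(timezone.utc)
    not_after = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    return (not_after - now) / timedelta(days=1)


def assess_cert(cert, hostname, now=None):
    """Summarise the step-1 checks for a certificate dictionary."""
    days = days_until_expiry(cert, now)
    return {
        "covers_host": cert_covers_host(cert, hostname),
        "days_until_expiry": days,
        "expired": days < 0,
        "expiring_within_30_days": 0 <= days < 30,
    }


def probe_ldaps(host=LDAPS_HOST, port=LDAPS_PORT, timeout=10.0):
    """Live check: TLS handshake on port 636 with chain and hostname verification.

    An untrusted chain, a name mismatch or an expired certificate raises
    ssl.SSLCertVerificationError here, which is the same failure the product's
    bind test will report. Requires network reachability to the managed domain.
    """
    ctx = ssl.create_default_context()  # system trust store, hostname checked
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            report = assess_cert(tls.getpeercert(), host)
            report["tls_version"] = tls.version()
            return report


if __name__ == "__main__":
    print(json.dumps(probe_ldaps(), indent=2))
```

Run it from the network where Myota (bZw) will sit, since the relevant question is whether that host trusts the chain; a certificate that passes from an administrator workstation with extra roots installed can still fail from the application server.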
3. Configure LDAP Integration in Myota (bZw)
In the Myota (bZw) admin interface:
- Enable the LDAP integration module (if modular architecture applies).
- Go to: Settings → Admin → LDAP / AD Integration
- Server Configuration:
  - Host: FQDN or IP of the Azure AD DS LDAPS endpoint
  - Port: `636`
  - Use TLS: ✅ Yes (LDAPS over 636)
  - Base DN: `DC=company,DC=domain`
  - User DN: e.g., `CN=ldapadmin,CN=Users,DC=company,DC=domain`
  - Password: Secure LDAP bind account password
- Use "Detect Base DN" if unsure.
4. Define User Login Filter
Restrict user sync to avoid non-human accounts:
`(&(objectClass=user)(!(objectClass=computer)))`
5. Group Settings (Optional)
If using LDAP groups in Myota (bZw):
- Enable group import
- Filter: `(objectClass=group)`
- Map group roles to Myota (bZw) permissions
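To see what the step-4 user filter and the step-5 group filter actually admit, the added example below (not Myota code, and not a substitute for a real search against the directory) parses the RFC 4515 subset those two filters use (and, or, not, equality, presence) and evaluates it against constructed entries modelled on the `objectClass` values AD DS assigns. Computer objects in AD DS carry `objectClass` `user` as well as `computer`, which is why the plain `(objectClass=user)` filter would pull workstation accounts into the sync and why the `!(objectClass=computer)` clause is needed. The DNs and attribute values are constructed sample data.

```python
"""Evaluate the page's LDAP filters against constructed entries (added example)."""

USER_FILTER = "(&(objectClass=user)(!(objectClass=computer)))"
GROUP_FILTER = "(objectClass=group)"

# Constructed sample entries (DN -> attribute -> list of values).
# A computer object is also a 'user' in the AD DS schema.
SAMPLE_ENTRIES = {
    "CN=Alice,CN=Users,DC=company,DC=domain": {
        "objectClass": ["top", "person", "organizationalPerson", "user"],
        "sAMAccountName": ["alice"],
    },
    "CN=WS01,CN=Computers,DC=company,DC=domain": {
        "objectClass": ["top", "person", "organizationalPerson", "user", "computer"],
        "sAMAccountName": ["WS01$"],
    },
    "CN=Engineering,CN=Users,DC=company,DC=domain": {
        "objectClass": ["top", "group"],
        "sAMAccountName": ["Engineering"],
    },
}


def parse_filter(text):
    """Parse a filter string into a nested tuple AST; raises ValueError on bad syntax."""
    s = text.strip()
    node, pos = _parse(s, 0)
    if pos != len(s):
        raise ValueError("trailing characters after filter")
    return node


def _parse(s, i):
    if s[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    c = s[i:i + 1]
    if c in ("&", "|"):
        op = "and" if c == "&" else "or"
        i += 1
        children = []
        while s[i:i + 1] == "(":
            child, i = _parse(s, i)
            children.append(child)
        return _expect_close(s, i, (op, children))
    if c == "!":
        child, i = _parse(s, i + 1)
        return _expect_close(s, i, ("not", child))
    end = s.index(")", i)  # ValueError if the item is never closed
    attr, sep, value = s[i:end].partition("=")
    if not attr or not sep:
        raise ValueError(f"expected attr=value at offset {i}")
    if "*" in value and value != "*":
        raise ValueError("substring filters are outside this example's subset")
    node = ("present", attr) if value == "*" else ("equal", attr, value)
    return node, end + 1


def _expect_close(s, i, node):
    if s[i:i + 1] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1


def matches(node, entry):
    """Evaluate an AST against one entry. Attribute names and values are
    compared case-insensitively, as AD DS does for objectClass."""
    kind = node[0]
    if kind == "and":
        return all(matches(c, entry) for c in node[1])
    if kind == "or":
        return any(matches(c, entry) for c in node[1])
    if kind == "not":
        return not matches(node[1], entry)
    attrs = {k.lower(): v for k, v in entry.items()}
    values = attrs.get(node[1].lower(), [])
    if kind == "present":
        return bool(values)
    return any(v.lower() == node[2].lower() for v in values)


def select(filter_text, entries=SAMPLE_ENTRIES):
    """Return the DNs the filter admits, in the entries' order."""
    ast = parse_filter(filter_text)
    return [dn for dn, attrs in entries.items() if matches(ast, attrs)]


if __name__ == "__main__":
    print("step 4 user filter :", select(USER_FILTER))
    print("step 5 group filter:", select(GROUP_FILTER))
    print("without the NOT    :", select("(objectClass=user)"))
```

Running the block prints only Alice for the step-4 filter, only Engineering for the step-5 filter, and both Alice and WS01 for the unqualified `(objectClass=user)`, which is the difference the filter in step 4 is there to make.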
6. Test Connection
- Use the built-in test tools in the Myota (bZw) interface
- Ensure:
  - Bind is successful
  - Users are retrieved from Azure AD DS via LDAPS
7. Sync LDAP Users
Once connected:
- Myota (bZw) will sync users from Azure AD DS
- Review logs (if applicable) to confirm the sync