Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can.
The Basics
- Nextcloud Server version (e.g., 29.x.x):
31.0.0
- Operating system and version (e.g., Ubuntu 24.04):
Alma 9.5
- Web server and version (e.g., Apache 2.4.25):
Nginx
- PHP version (e.g., 8.3):
PHP-FPM 8.3
Summary of the issue you are facing:
Fresh install of the latest Nextcloud and I’m trying to get it to connect to a brand new Windows Server 2025 AD setup I’ve created. I know 2025 now uses signed LDAPS as a default for the first time. I created a CA on the system to get a root cert created. I proceeded to export it, convert to .pem with openssl, and install it on my server as an additional root trust. I opened port TCP 636 on the Windows firewall for all. I can “openssl s_client connect” to the LDAP 636 port just fine and all looks good.
I’m not sure if the AD account used to access the LDAPS service needed delegated read permissions or not, but I granted them anyway. I pulled the DN for the user right out of the ADUC advanced properties. I tried setting it up on port 636 on the normal server config LDAP/AD integration app I enabled. I keep getting the error: “Lost connection to LDAP server.”
I’ve gone ahead and set up an “Advanced” server profile with the appropriate creds, checked “Disable Main Server,” and even tried turning off SSL cert validation too. Nothing.
I have no error log output on the Nextcloud server to tell me anything. I’ve checked the Nginx, PHP-FPM, and nextcloud.log files. I even blanked them out, restarted, and tried again to see if there were any entries in them. Nothing. Permissions are all fine on those, as I had seen errors in the past during setup.
Configuration
Nextcloud
The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):
{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "10.200.2.41"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "31.0.0.18",
        "overwrite.cli.url": "http:\/\/10.200.2.41",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory",
        "maintenance_window_start": 0
    }
}
Apps
Enabled:
- activity: 4.0.0
- app_api: 5.0.2
- bruteforcesettings: 4.0.0
- calendar: 5.1.3
- circles: 31.0.0-dev.0
- cloud_federation_api: 1.14.0
- comments: 1.21.0
- contacts: 7.0.3
- contactsinteraction: 1.12.0
- dashboard: 7.11.0
- dav: 1.33.0
- federatedfilesharing: 1.21.0
- federation: 1.21.0
- files: 2.3.1
- files_downloadlimit: 4.0.0
- files_pdfviewer: 4.0.0
- files_reminders: 1.4.0
- files_sharing: 1.23.1
- files_trashbin: 1.21.0
- files_versions: 1.24.0
- firstrunwizard: 4.0.0
- logreader: 4.0.0
- lookup_server_connector: 1.19.0
- mail: 4.2.5
- nextcloud_announcements: 3.0.0
- notes: 4.11.0
- notifications: 4.0.0
- oauth2: 1.19.1
- password_policy: 3.0.0
- photos: 4.0.0-dev.1
- privacy: 3.0.0
- profile: 1.0.0
- provisioning_api: 1.21.0
- recommendations: 4.0.0
- related_resources: 2.0.0
- richdocuments: 8.6.2
- serverinfo: 3.0.0
- settings: 1.14.0
- sharebymail: 1.21.0
- spreed: 21.0.1
- support: 3.0.0
- survey_client: 3.0.0
- systemtags: 1.21.1
- text: 5.0.0
- theming: 2.6.1
- twofactor_backupcodes: 1.20.0
- updatenotification: 1.21.0
- user_ldap: 1.22.0
- user_status: 1.11.0
- viewer: 4.0.0
- weather_status: 1.11.0
- webhook_listeners: 1.2.0
- workflowengine: 2.13.0
Disabled:
- admin_audit: 1.21.0
- encryption: 2.19.0
- files_external: 1.23.0
- richdocumentscode: 24.4.1204
- suspicious_login: 9.0.1
- twofactor_nextcloud_notification: 5.0.0
- twofactor_totp: 13.0.0-dev.0
Thanks in advance!