Hi
It says in the LI 3.3 releasenotes that: "Ports 389 TCP and UDP, 636 TCP, 3268 TCP, 3269 TCP, and 88 TCP and UDP need to be open from all nodes within a cluster for Active Directory integration."
I have only opened TCP/636/LDAPS and it seems to be functioning OK. Why do I need to open the other ports, particularly 3268 and 389?
Also, what is port 88 for? Is it really necessary?
Another thing: to enable nested groups, I not only had to set ad-nested-groups value="false" /> to true, but also <ad-nested-groups-matching-chain-rule value="true" /> to false. Why? o_O