Hello Nicolas,
please allow me to try and explain how I would set this up. I hope this will give you a fair starting point.
This applies to OpenLDAP, ADFS over SSL. I would recommend using encryption for various reasons.
Some basic settings in the olat.local.properties would be:
ldap.enable=true # of course
ldap.activeDirectory=true # In your case
ldap.ldapBases=ou=XXX,dc=XXX,dc=XXX # where do we find the users?
ldap.ldapSyncCronSync=false # or true, but I would start with false
ldap.ldapSyncOnStartup=false # or true, but I would start with false
ldap.ldapSystemDN=CN=YYY,dc=XXX,dc=XXX # This can be the dn or email of a user allowed to read the entries
ldap.ldapSystemPW=QWERQWERQWER
ldap.sslEnabled=true
ldap.ldapUrl=ldaps://XXX:636 # IP or hostname with port number
ldap.trustStoreLocation=/PATH/TO/MY/cacerts # You have to import the server's certificate into the cacerts of Java, see below
ldap.trustStorePwd=ASDFASDFASDF # changeit unless changed, see below
ldap.trustStoreType=JKS
Java cacerts:
You should copy the cacerts file from JAVA_HOME/jre/lib/security/cacerts to somewhere else (Path from olat.local.properties) and get the server's certificate as .x509 File. Import it with this command:
JAVA_HOME/jre/bin/keytool -import -file PATH/server-ldaps-cert.x509 -alias ldaps -keystore /PATH/TO/MY/cacerts
It will ask for a password. This is "changeit" until you change it.
I hope this helps, since from here on, it really is a very custom thing, depending on how you have set up your active directory and how you want to use that information in OpenOLAT.
Cheers,
Oliver
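The two steps above (check the ldap.* keys, then import the AD server's certificate into a private copy of the JDK cacerts) as a small script. This is an added example, not OpenOLAT's own code or anything from the thread: the property names are the ones listed in the reply above, the keytool flags (-importcert, -noprompt, -trustcacerts, -storepass:env) are standard JDK keytool options, the environment variable name OLAT_TS_PW and the sample properties text are my own constructions. Two caveats the script makes explicit: ssl.get_server_certificate() does no validation and only returns the leaf certificate, so you are bootstrapping trust and should confirm the printed SHA-256 fingerprint with the AD administrator; and importing the leaf means the import breaks when the domain controller's certificate is renewed, so importing the issuing CA's certificate instead is the more durable choice.

```python
"""Sanity-check the ldap.* keys in olat.local.properties and import the
LDAPS server certificate into a private copy of the Java cacerts.
Added example, not OpenOLAT code; property names are from the post above."""
import hashlib
import os
import re
import shutil
import ssl
import subprocess
import sys
from pathlib import Path

# Constructed sample in the shape of the post (trailing " # ..." notes included).
SAMPLE_PROPERTIES = """ldap.enable=true # of course
ldap.ldapBases=ou=XXX,dc=XXX,dc=XXX # where do we find the users?
ldap.ldapSystemDN=CN=YYY,dc=XXX,dc=XXX # DN of a read-only bind user
ldap.ldapSystemPW=QWERQWERQWER
ldap.sslEnabled=true
ldap.ldapUrl=ldaps://XXX:636 # IP or hostname with port number
ldap.trustStoreLocation=/PATH/TO/MY/cacerts
ldap.trustStorePwd=ASDFASDFASDF
ldap.trustStoreType=JKS
"""


def parse_properties(text):
    """key=value lines; the ' # note' suffixes used in the post are dropped
    (a real .properties file only allows whole-line comments)."""
    props = {}
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # DN values contain '=' themselves
        props[key.strip()] = value.strip()
    return props


def check_ldap_properties(props):
    """Return a list of problems; an empty list means the SSL setup is consistent."""
    problems = []
    url = props.get("ldap.ldapUrl", "")
    ssl_on = props.get("ldap.sslEnabled", "false").lower() == "true"
    if url.startswith("ldap://"):
        problems.append("ldap:// sends the system DN's password in clear text; use ldaps://")
    elif not url.startswith("ldaps://"):
        problems.append("ldap.ldapUrl must be an ldaps:// URL")
    if ssl_on != url.startswith("ldaps://"):
        problems.append("ldap.sslEnabled and the ldap.ldapUrl scheme disagree")
    if ssl_on:
        store = props.get("ldap.trustStoreLocation", "")
        if not Path(store).is_file():
            problems.append(f"truststore '{store}' not found (copy the JDK cacerts there first)")
        if props.get("ldap.trustStorePwd") == "changeit":
            problems.append("truststore still uses the JDK default password 'changeit'")
    for key in ("ldap.ldapSystemDN", "ldap.ldapSystemPW", "ldap.ldapBases"):
        if not props.get(key):
            problems.append(f"{key} is missing")
    return problems


def ldaps_host_port(url):
    """Split 'ldaps://host[:port]' into (host, port); the port defaults to 636."""
    m = re.fullmatch(r"ldaps://([^/:]+)(?::(\d+))?/?", url.strip())
    if not m:
        raise ValueError(f"not an ldaps:// URL: {url!r}")
    return m.group(1), int(m.group(2) or 636)


def sha256_fingerprint(der):
    """Colon-separated SHA-256 fingerprint, same form as openssl x509 -fingerprint -sha256."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fetch_server_cert(host, port=636):
    """(pem, fingerprint) of the leaf cert the server presents. Nothing is validated
    here, we are bootstrapping trust: confirm the fingerprint out of band."""
    pem = ssl.get_server_certificate((host, port))
    return pem, sha256_fingerprint(ssl.PEM_cert_to_DER_cert(pem))


def find_keytool():
    java_home = os.environ.get("JAVA_HOME")
    cands = [Path(java_home, d, "keytool") for d in ("bin", "jre/bin")] if java_home else []
    found = next((str(c) for c in cands if c.is_file()), None) or shutil.which("keytool")
    if not found:
        raise FileNotFoundError("keytool not found; set JAVA_HOME")
    return found


def import_server_cert(pem, src_cacerts, dst_cacerts, alias="ldaps", storepass="changeit"):
    """Copy the JDK cacerts to dst (never edit the JDK's own file) and import the PEM.
    The store password goes through the environment (OLAT_TS_PW, my own name) so it
    is not visible in the process list. Returns True if the alias is listed afterwards."""
    dst = Path(dst_cacerts)
    if not dst.exists():
        shutil.copy2(src_cacerts, dst)
    cert_file = dst.with_name(f"{alias}.pem")
    cert_file.write_text(pem)
    keytool, env = find_keytool(), {**os.environ, "OLAT_TS_PW": storepass}
    subprocess.run([keytool, "-importcert", "-noprompt", "-trustcacerts", "-alias", alias,
                    "-file", str(cert_file), "-keystore", str(dst),
                    "-storepass:env", "OLAT_TS_PW"], env=env, check=True)
    listing = subprocess.run([keytool, "-list", "-alias", alias, "-keystore", str(dst),
                              "-storepass:env", "OLAT_TS_PW"],
                             env=env, check=True, capture_output=True, text=True).stdout
    return alias in listing


if __name__ == "__main__":
    # usage: python ldaps_setup.py olat.local.properties [/path/to/jdk/cacerts]
    props = parse_properties(Path(sys.argv[1]).read_text())
    for problem in check_ldap_properties(props):
        print("WARN:", problem)
    host, port = ldaps_host_port(props["ldap.ldapUrl"])
    pem, fingerprint = fetch_server_cert(host, port)
    print(f"{host}:{port} presents SHA-256 {fingerprint}")
    if len(sys.argv) > 2:
        ok = import_server_cert(pem, sys.argv[2], props["ldap.trustStoreLocation"],
                                storepass=props.get("ldap.trustStorePwd", "changeit"))
        print("imported" if ok else "import failed")
```

Run it once without the cacerts argument to see the warnings and the fingerprint, confirm the fingerprint with whoever runs the domain controller, then run it again with the path to the JDK's cacerts to create the private copy named in ldap.trustStoreLocation and import the certificate under the alias ldaps.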