An application in Azure requires secure LDAP

Question

I have one application installed in a VM in Azure. Now I have Azure AD DS up and running. The app requires LDAPS to authenticate. Users will be created in Azure AD. When I check Azure AD Domain Services in Azure portal, it says in Secure LDAP tab that 'Secure LDAP' and 'Allow secure LDAP access over the internet' is toggled to the right, Enable. Also there is a certificate expire date, so I assume that a public CA cert is applied. I say assume because I did not set it up.

Two questions

1. According to Tutorial - Configure LDAPS for Azure Active Directory Domain Services | Microsoft Learn , you can't get certificate from a public CA with the default .onmicrosoft.com domain. However, our AADDS's domain name is using onmicrsoft.com such as aa.onmicrosoft.com. Does this mean that we are not using Secure LDAP?
2. How do you actually use LDAP(s)? Where is the host name for LDAP?

I really cannot figure this out. Maybe there is something that I am not thinking right. Please help.

Answer 1

1. You can still create a self-signed certificate and use that, but that's mostly only used for testing purposes. https://learn.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-configure-ldaps
2. The host name is just the host name of the LDAP DNS Server host. <hostname>.<domain> is the default. Example: gt034.mydomain.com

I would recommend following the tutorial here for what you are trying to achieve. You can also check out some of the Github samples:
https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/active-directory-domain-services/tutorial-configure-ldaps.md

There are some existing tutorials on Youtube too that you can also follow.