Sub-Title: “What if you don’t know the exact certificate subject of the AD server?”
If you just don’t know the certificate “subject” name of the server you’re trying to query (remember from part 1 in this series that subject name match is critical in LDAPS queries!), but you have the IP address or other resolvable hostname info, here’s how to check the subject of the certificate:
openssl s_client -connect corpdc01.yourlinuxguy.com:636 -showcerts
This will dump a whole bunch of SSL information, and the first couple of lines will show you the server subject, but to be 100% certain you should scroll down to the “Server certificate subject” section to see the value and be sure.
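To avoid reading the dump by eye, the subject can be pulled out and compared with the name you plan to use in the LDAPS query. This is an added example, not part of the original post: the function names and the sample output (including the issuer "Example-CA") are constructed for illustration.

```shell
#!/bin/sh
# Added example. Constructed sample of `openssl s_client` output, not captured
# from a real server; the PEM body is elided and "Example-CA" is a made-up issuer.
sample_output() {
cat <<'EOF'
CONNECTED(00000003)
depth=0 CN = corpdc01.yourlinuxguy.com
verify error:num=20:unable to get local issuer certificate
---
Certificate chain
 0 s:CN = corpdc01.yourlinuxguy.com
   i:DC = com, DC = yourlinuxguy, CN = Example-CA
---
Server certificate
-----BEGIN CERTIFICATE-----
(PEM body elided)
-----END CERTIFICATE-----
subject=CN = corpdc01.yourlinuxguy.com

issuer=DC = com, DC = yourlinuxguy, CN = Example-CA
---
EOF
}

# Print the subject value found after the "Server certificate" header (stdin).
server_subject() {
    awk '/^Server certificate/ { in_sec = 1; next }
         in_sec && /^subject=/  { sub(/^subject=/, ""); print; exit }'
}

# Reduce a subject to its CN; accepts "CN = x", "CN=x" and "/CN=x" layouts.
subject_cn() {
    sed -n 's|.*CN *= *\([^,/]*\).*|\1|p'
}

# Succeed only if the name intended for the ldaps:// URI equals the subject CN
# (case-insensitive). Only the subject CN is compared; wildcards are not expanded.
name_matches_cert() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    have=$(server_subject | subject_cn | tr 'A-Z' 'a-z')
    [ -n "$have" ] && [ "$want" = "$have" ]
}

# Offline demo on the sample. Against a live server, pipe in the real output:
#   openssl s_client -connect corpdc01.yourlinuxguy.com:636 -showcerts </dev/null 2>/dev/null
sample_output | server_subject
sample_output | name_matches_cert corpdc01.yourlinuxguy.com && echo "URI name matches subject"
```

A non-zero exit status from name_matches_cert means the name you are about to query with is not the one in the certificate subject, which is the mismatch part 1 of this series warns about.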
I hope that helps!