11.15. LDAP connections with Self-Signed SSL
If an LDAP server used with HelpSpot does not have a publicly trusted cert, the PHP LDAP DLL needs to be configured with the proper settings to allow it to connect.
There are two options:
Note: The Windows PHP libraries are hard-coded to look for an OpenLDAP config file (C:\openldap\sysconf\ldap.conf). On Linux you should be able to find it in /etc/openldap/ldap.conf.
- Create the ldap.conf text file mentioned above. This is where you point to your certificate store. Once you create this file in the needed location, you can begin to edit it.
- The first option is to put in TLS_REQCERT never, but this means no certs are verified and all are trusted automatically.
- Instead of the TLS_REQCERT never option we can also create a cert file that contains the certificate hashes
- Edit the ldap.conf file and add a line for the command
- To add a certificate as trusted in the cacert.pem file, simply get a copy of the public key of the certificate in question (this needs to be exported in base64 format).
- After making such changes, you will need to restart your web server.
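A way to check the result before restarting the web server, as an added example that is not HelpSpot's own code: it reads an ldap.conf, flags a TLS_REQCERT level that skips verification, and confirms the CA file holds at least one base64 (PEM) block. TLS_CACERT is the OpenLDAP ldap.conf option that names a CA file; the cacert.pem path and all sample data are assumed and constructed for illustration.

```python
import base64
import re
from pathlib import Path

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def parse_ldap_conf(text):
    """Parse ldap.conf text into {OPTION: value}; option names are case-insensitive."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):  # skip blanks and comments
            opts[parts[0].upper()] = parts[1] if len(parts) == 2 else ""
    return opts

def count_pem_certs(data):
    """Count base64 (PEM) blocks in a CA file's bytes; X.509 content is not parsed."""
    good = 0
    for body in PEM_BLOCK.findall(data.decode("ascii", errors="replace")):
        try:
            good += bool(base64.b64decode("".join(body.split()), validate=True))
        except ValueError:  # body is not valid base64
            pass
    return good

def audit(conf_text, read_bytes=lambda p: Path(p).read_bytes()):
    """Return a list of findings for the TLS options discussed above."""
    opts = parse_ldap_conf(conf_text)
    findings = []
    level = opts.get("TLS_REQCERT", "").lower()
    if level in ("never", "allow"):  # both let a bad server certificate through
        findings.append("TLS_REQCERT %s: server certificate is not verified" % level)
    ca_path = opts.get("TLS_CACERT")
    if ca_path is None:
        findings.append("no TLS_CACERT line: no CA file is configured here")
    else:
        try:
            if count_pem_certs(read_bytes(ca_path)) == 0:  # e.g. a binary DER export
                findings.append("%s holds no base64 (PEM) certificate" % ca_path)
        except OSError:
            findings.append("%s cannot be read" % ca_path)
    return findings

# Constructed sample inputs (not a real certificate; the cacert.pem path is assumed).
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(
    b"constructed placeholder, not a real certificate") + b"-----END CERTIFICATE-----\n")
WEAK_CONF = "# constructed sample\nTLS_REQCERT never\n"
PINNED_CONF = "TLS_REQCERT demand\nTLS_CACERT C:\\openldap\\sysconf\\cacert.pem\n"
```

Calling audit(WEAK_CONF) returns two findings; against a real file, pass the text of ldap.conf and let the default reader open the CA file it names.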