HomeAdmin ManualTroubleshooting GuidesLDAP connections with Self-Signed SSL

# 11.15. LDAP connections with Self-Signed SSL

If an LDAP server being utilized with HelpSpot does not a have a publicly trusted cert the PHP LDAP DLL needs to be configured with the proper settings to allow it to connect.

There are two options:

Note: The windows PHP libraries are hard-coded to look for an open ldap config file (ldap.conf) in C:\openldap\sysconf\ldap.conf. On linux you should be able to find it in /etc/openldap/ldap.conf

1. Create the ldap.conf text file mentioned above - this is where you point to your certificate store. Once you create this file, in the needed location you can begin to edit it.
2. The first options is to put in TLS_REQCERT never … but this means no certs are verified and all are trusted automatically.
3. Instead of the TLS_REQCERT never option we can also create a cert file that contains the certificate hashes
4. Edit the ldap.conf file and add a line for the command TLS_CACERT like TLS_CACERT C:\path\to\my\cert.pem
5. To add a certificate as a trusted in the cacert.pem file, simply get a copy of the public key of the certificate in question (this needs to be exported in base64 format).
6. After making such changes, you will need to restart your web server.

Related Pages