
12.13. LDAP connections with Self-Signed SSL

If the LDAP server used with HelpSpot does not have a publicly trusted certificate, the PHP LDAP DLL needs to be configured with the proper settings to allow it to connect.

This condition is indicated by an error in the HelpSpot log file stating:

BindException: Can’t contact LDAP server in C:\inetpub\wwwroot\vendor\adldap2\src\Auth\Guard.php

You should first confirm that there is no firewall rule blocking port 389 (standard LDAP) or port 636 (LDAPS).

If you can telnet to the LDAP server specified in HelpSpot's settings on the LDAP ports from the HelpSpot server, but it still fails to authenticate users, select one of the options below to resolve the issue.

Note: The Windows PHP libraries are hard-coded to look for an OpenLDAP config file (ldap.conf) at C:\openldap\sysconf\ldap.conf. On Linux you should be able to find it at /etc/openldap/ldap.conf.

Create the ldap.conf text file mentioned above - this is where you point to your certificate store. Once you create this file in the needed location, you can begin to edit it.

There are two options for resolution. The first option is the most secure, providing certificate verification by referencing a trusted certificate path. In a secured environment not publicly accessible, you may elect to bypass certificate verification using the second option.

Option 1: provide a path to a valid trusted certificate

  1. Create a cert file that contains the certificate hashes.
  2. Edit the ldap.conf file and add a TLS_CACERT line, with the option name and the path separated by a space, like TLS_CACERT C:\path\to\my\cert.pem
  3. To add a certificate as trusted in the cacert.pem file, get a copy of the public key of the certificate in question (this needs to be exported in base64 format).

Option 2: automatically trust all certs without verification

  1. Edit the ldap.conf file to include only the line TLS_REQCERT never

After making the required changes, restart your web server.
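
The following is an added example, not part of HelpSpot or its documentation: a small Python check that reads an ldap.conf and reports whether Option 1 is actually in effect (a readable base64 CA file, no TLS_REQCERT line that skips verification, no mistyped lines). The function names and the sample config are constructed for illustration.

```python
import re

# Levels from ldap.conf(5) that let a connection proceed with a bad certificate.
WEAK_REQCERT = {"never", "allow"}
PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def read_text(path):
    with open(path, encoding="ascii", errors="replace") as fh:
        return fh.read()

def audit_ldap_conf(conf_text, read_file=read_text):
    """Return findings for the TLS lines of an ldap.conf (empty list = Option 1 in place).

    read_file is injectable so the CA-file check can run against constructed data.
    """
    findings, cacert = [], None
    for n, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):          # blank line or comment
            continue
        parts = line.split(None, 1)                    # "OPTION <whitespace> value"
        name = parts[0].upper()                        # option names are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if "=" in name:
            findings.append(f"line {n}: '=' is not a separator, write 'OPTION value'")
        elif name == "TLS_REQCERT" and value.lower() in WEAK_REQCERT:
            findings.append(f"line {n}: TLS_REQCERT {value} does not enforce verification")
        elif name == "TLS_CACERT":
            cacert = value
    if cacert is None:
        findings.append("no TLS_CACERT line: Option 1 is not configured")
    else:
        try:
            if not PEM_CERT.search(read_file(cacert)):
                findings.append(f"{cacert}: no base64 (PEM) certificate block found")
        except OSError as exc:
            findings.append(f"{cacert}: cannot read CA file ({exc.strerror})")
    return findings

# Constructed sample: Option 2 left in place next to a mistyped Option 1 line.
SAMPLE_CONF = "# constructed example\nTLS_CACERT=C:\\path\\to\\my\\cert.pem\nTLS_REQCERT never\n"

if __name__ == "__main__":
    for finding in audit_ldap_conf(SAMPLE_CONF):
        print(finding)
```

An empty result means the file names a CA bundle that exists and holds at least one PEM certificate, and nothing in it relaxes verification.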
