Details
I am trying to connect to an LDAP server with the secure port enabled (636).
The connectivity seems to be working perfectly fine, but I need to use a certificate, otherwise the transactions will be refused.
Where can I load the LDAPS/TLS certificate in Phabricator?
Answers
I'm only passingly familiar with LDAP, but it looks like Phabricator uses the php_ldap library for communicating with the LDAP service. Because of this, I believe the resolution for this will be dependent on your server configuration (httpd vs. nginx, Linux distro, etc.) and may not involve configuring Phabricator directly.
I think the general idea is:
- Install/copy the necessary certificate to the proper location (possibly something like /etc/ldap/certs)
- Set up ldap.conf to point to the certificate
With this setup, when Phabricator attempts to authorize/query the directory, the use of php_ldap should pick up these system/environment settings and connect using the configured certificate.
Someone left a comment on this page which provides some instructions on configuring a .pem certificate:
http://php.net/manual/en/function.ldap-start-tls.php
Other useful links:
http://linux.about.com/library/cmd/blcmdl5_ldap.conf.htm
http://stackoverflow.com/questions/6046212/php-how-to-specify-ldap-conf-location
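
A way to check the ldap.conf step described in the answer above, as an added example that is not part of the original answer: the script reads an OpenLDAP client ldap.conf and reports whether it pins a readable CA certificate (`TLS_CACERT`) and still enforces verification (`TLS_REQCERT`). The function names, the example hostname and the temporary files are constructed for the demo; pass the path of your own ldap.conf to `audit_ldap_conf`.

```shell
#!/bin/sh
# Added example: audit the TLS settings in an OpenLDAP client ldap.conf.
# Function names and demo files are hypothetical, not Phabricator code.

# Print the value of the last occurrence of an option.
# ldap.conf option names are case-insensitive.
ldap_conf_get() {
    # $1 = config file, $2 = option name
    awk -v key="$2" 'toupper($1) == toupper(key) { val = $2 } END { print val }' "$1"
}

# Return 0 if the file pins a readable CA certificate and requires verification.
audit_ldap_conf() {
    conf="$1"
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    ca=$(ldap_conf_get "$conf" TLS_CACERT)
    req=$(ldap_conf_get "$conf" TLS_REQCERT)
    rc=0
    if [ -z "$ca" ]; then
        echo "TLS_CACERT is not set"; rc=1
    elif [ ! -r "$ca" ]; then
        echo "TLS_CACERT file not readable: $ca"; rc=1
    fi
    # libldap treats a missing TLS_REQCERT as 'demand'.
    case "$(printf '%s' "${req:-demand}" | tr 'A-Z' 'a-z')" in
        demand|hard) ;;
        *) echo "TLS_REQCERT=$req is weaker than demand"; rc=1 ;;
    esac
    return $rc
}

# Constructed demo: an empty stand-in CA file and two sample configs.
demo_dir=$(mktemp -d)
: > "$demo_dir/ca.pem"
printf 'URI ldaps://ldap.example.com:636\nTLS_CACERT %s/ca.pem\nTLS_REQCERT demand\n' \
    "$demo_dir" > "$demo_dir/good.conf"
printf 'URI ldaps://ldap.example.com:636\nTLS_REQCERT never\n' > "$demo_dir/weak.conf"
for f in good weak; do
    if audit_ldap_conf "$demo_dir/$f.conf"; then
        echo "$f.conf: ok"
    else
        echo "$f.conf: needs attention"
    fi
done
rm -rf "$demo_dir"
```

The check only confirms that the CA file exists and is readable; it does not validate the certificate itself or contact the LDAP server.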