In order to speak with AD servers, PHP installs need to use openldap. And for the openldap client to maintain a trust relationship with the Active Directory server, we need to reference the AD’s certificate file in the ldap.conf file on the server that will run the PHP application.

1) Obtain a certificate file from the AD server (preferably in PEM format), and copy it to the /etc/openldap/certs/ folder
2) Modify your ldap.conf file so that it reads:
TLS_REQCERT never
TLS_CRLCHECK none
TLS_CACERTDIR /etc/openldap/certs
TLS_CACERT /etc/openldap/certs/name_of_cert.pem
Once you’ve added the PEM file to ldap.conf, the service should begin communicating with the AD automatically. If not, restart your service as root:
root@server:] service slapd restart
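A small audit script for the ldap.conf settings shown above, added here as an example and not part of the original post. It parses the keyword/value syntax of ldap.conf(5) and flags settings under which libldap accepts the AD server without a valid certificate (TLS_REQCERT never, as in the post, does exactly that, even when TLS_CACERT points at the right PEM file); the sample configs are constructed, and the hardened variant keeps the post’s paths but sets TLS_REQCERT to demand.

```python
"""Audit an OpenLDAP client ldap.conf for TLS settings that turn off
server certificate verification. Added example, not from the original
post; follows the keyword syntax described in ldap.conf(5)."""

# Constructed sample: the settings given in the post above.
WEAK_CONF = """\
TLS_REQCERT never
TLS_CRLCHECK none
TLS_CACERTDIR /etc/openldap/certs
TLS_CACERT /etc/openldap/certs/name_of_cert.pem
"""

# Constructed sample: same CA file, but the server certificate must verify.
HARDENED_CONF = """\
TLS_REQCERT demand
TLS_CACERTDIR /etc/openldap/certs
TLS_CACERT /etc/openldap/certs/name_of_cert.pem
"""


def parse_ldap_conf(text):
    """Map each keyword (upper-cased) to its value; a later line for the
    same keyword wins. Blank lines and '#' comment lines are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        settings[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return settings


def audit_tls(settings):
    """Return (keyword, problem) pairs for settings that let libldap
    proceed without a verified server certificate."""
    findings = []
    # libldap defaults to 'demand' when TLS_REQCERT is absent.
    reqcert = settings.get("TLS_REQCERT", "demand").lower()
    if reqcert in ("never", "allow", "try"):
        findings.append(("TLS_REQCERT",
                         f"'{reqcert}' lets the session proceed without a "
                         "valid server certificate; use 'demand'"))
    if "TLS_CACERT" not in settings and "TLS_CACERTDIR" not in settings:
        findings.append(("TLS_CACERT",
                         "no CA file or directory configured, so no server "
                         "certificate can be trusted"))
    return findings
```

Running audit_tls(parse_ldap_conf(WEAK_CONF)) reports the TLS_REQCERT finding for the post’s settings, while HARDENED_CONF returns no findings.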
