Breadcrumbs

Connecting to AD via SSL

If you want to securely add users, change passwords, or connect to the Active Directory server being used with your FileCloud site, then you will need to use an SSL certificate.

The Lightweight Directory Access Protocol (LDAP) is used to read from and write to Active Directory. By default, LDAP traffic is transmitted unsecured. You can make LDAP traffic confidential and secure by using Secure Sockets Layer (SSL) / Transport Layer Security (TLS) technology.

Before you can enable the use of SSL certificates in FileCloud Server, you must have completed the following steps:

  1. Install and configure your Active Directory server

  2. Install an SSL certificate on your Active Directory server


How do I enable the use of SSL in FileCloud Server?

To enable the use of SSL Certificates in FileCloud Server:

  1. In the FileCloud admin portal's left navigation bar, scroll down and click Settings. Then, on the Settings navigation page, click Authentication  AuthenticationIcon.png .
    The Authentication settings page opens.

  2. Under Authentication, change Authentication type to Active Directory, and click Save.
    AuthType2.png
    Additional settings appear.

  3. In AD port, change the number to 636.

  4. Enable Use SSL for the connection.
    image-2024-10-31_15-12-47.png

  5. Click Save

How can I troubleshoot my AD/SSL connection?

If you have problems connecting after setting the above and non-SSL connections work OK, you might have to set this additional parameter.

  1. Create an ldap.conf file.

    Windows Location: c:\openldap\sysconf\ldap.conf
    Ubuntu Location: /etc/ldap/ldap.conf 
    RHEL Location: /etc/openldap/ldap.conf


  2. Add the following command to the ldap.conf file: 

    #
    # LDAP Defaults
    #
    TLS_REQCERT never


  3. Restart Apache server.

How do I connect to AD using TLS?

Connecting to Active Directory over TLS

TLS

To use TLS, use port 389 instead of port 636, and enable Use TLS for the connection instead of Use SSL for the connection.


To disable use of TLS v1.2 behavior, if necessary, add the following to WWWROOT/thirdparty/adLDAP.php 

if ($this->useSSL) {
putenv("LDAPTLS_CIPHER_SUITE=NORMAL:!VERS-TLS1.2");
$this->ldapConnection = ldap_connect("ldaps://" . $domainController, $this->adPort);
} else {
$this->ldapConnection = ldap_connect($domainController, $this->adPort);
}