Connecting to AD via SSL

If you want to securely add users, change passwords, or connect to the Active Directory server being used with your FileCloud site, then you will need to use an SSL certificate.

The Lightweight Directory Access Protocol (LDAP) is used to read from and write to Active Directory. By default, LDAP traffic is transmitted unsecured. You can make LDAP traffic confidential and secure by using Secure Sockets Layer (SSL) / Transport Layer Security (TLS) technology.

Before you can enable the use of SSL certificates in FileCloud Server, you must have completed the following steps:

  1. Install and configure your Active Directory Server
  2. Install an SSL certificate on your Active Directory Server



To enable the use of SSL Certificates in FileCloud Server:

  1. Open a browser and log in to the Admin Portal.
  2. From the left navigation menu, under Settings, select the Settings tab.
  3. On the Settings screen, select the Authentication tab.
  4. On the Authentication tab, under Authentication Settings, select the Active Directory tab.
  5. On the Active Directory tab, under Active Directory Settings, in AD Port, change the number to 636.
  6. On the Active Directory tab, under Active Directory Settings, select the Use SSL check box.
  7. Click Save.



If you have problems connecting after applying the settings above, while non-SSL connections work, you may need to set the following additional parameter.

  1. Create an ldap.conf file.

    Windows location should be c:\openldap\sysconf\ldap.conf
    Ubuntu Linux location should be /etc/ldap/ldap.conf
    CentOS Linux location should be /etc/openldap/ldap.conf
  2. This ldap.conf file should contain the following (TLS_REQCERT never tells the OpenLDAP client library to skip verifying the AD server's certificate):

    #
    # LDAP Defaults
    #
    TLS_REQCERT never


  3. Restart the Apache server.



Connecting to Active Directory over TLS

To use TLS, port 389 should be used instead of 636.


Some operating systems, such as Ubuntu 14.04, negotiate TLS v1.2 by default. To disable this behavior, add the putenv line shown below to WWWROOT/thirdparty/adLDAP.php, before the ldap_connect call:

Disable TLS v1.2

if ($this->useSSL) {
    // Restrict the GnuTLS priority string used by the LDAP client so that
    // TLS v1.2 is excluded from negotiation. Must run before ldap_connect().
    putenv("LDAPTLS_CIPHER_SUITE=NORMAL:!VERS-TLS1.2");
    // LDAPS (implicit TLS) on the configured port, 636 by default.
    $this->ldapConnection = ldap_connect("ldaps://" . $domainController, $this->adPort);
} else {
    // Plain LDAP on the configured port (389 when using TLS/StartTLS).
    $this->ldapConnection = ldap_connect($domainController, $this->adPort);
}
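The following diagnostic script is an added example, not FileCloud or adLDAP code. Run it on the FileCloud host to confirm that both the LDAPS (port 636) path from the steps above and the TLS (port 389) path work with certificate verification enforced, which tells you whether a TLS_REQCERT never entry in ldap.conf is hiding a certificate problem. The host name, bind DN, password and CA file path are placeholders.

```php
<?php
// Placeholder values: replace with your own domain controller and service account.
const AD_HOST   = 'dc01.example.internal';
const BIND_DN   = 'CN=svc-filecloud,OU=Service Accounts,DC=example,DC=internal';
const BIND_PW   = 'change-me';
const CA_BUNDLE = '/etc/ssl/certs/ad-root-ca.pem'; // PEM file holding the AD CA cert

// Enforce certificate verification for this process, the opposite of
// "TLS_REQCERT never". Passing null sets the global option (PHP >= 7.1);
// these calls must come before ldap_connect().
ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, CA_BUNDLE);
ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

function checkAd(string $host, int $port, bool $useSsl): string
{
    // Port 636 with "Use SSL": implicit TLS via ldaps://.
    // Port 389 with TLS: plain connect, then upgrade with StartTLS.
    $uri  = ($useSsl ? 'ldaps://' : 'ldap://') . $host . ':' . $port;
    $conn = ldap_connect($uri);
    if ($conn === false) {
        return "$uri: ldap_connect rejected the URI";
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

    // ldap_connect() does not open the socket; TLS and certificate errors
    // surface here, at StartTLS or at bind time.
    if (!$useSsl && !@ldap_start_tls($conn)) {
        return "$uri: StartTLS failed: " . ldap_error($conn);
    }
    if (!@ldap_bind($conn, BIND_DN, BIND_PW)) {
        $diag = '';
        ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
        return "$uri: bind failed: " . ldap_error($conn) . ($diag ? " ($diag)" : '');
    }
    ldap_unbind($conn);
    return "$uri: OK, server certificate verified against " . CA_BUNDLE;
}

echo checkAd(AD_HOST, 636, true), PHP_EOL;   // LDAPS, as configured in the Admin Portal
echo checkAd(AD_HOST, 389, false), PHP_EOL;  // TLS (StartTLS) on the standard LDAP port
```

If the LDAPS check fails here with a certificate error but succeeds once TLS_REQCERT never is in place, the AD certificate is not trusted by the FileCloud host (wrong CA file, or a name on the certificate that does not match the host you connect to).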