Connecting to AD via SSL

To securely add users, change passwords, or otherwise connect to the Active Directory server used with your FileCloud site, you must use an SSL certificate.

The Lightweight Directory Access Protocol (LDAP) is used to read from and write to Active Directory. By default, LDAP traffic is transmitted unsecured. You can make LDAP traffic confidential and secure by using Secure Sockets Layer (SSL) / Transport Layer Security (TLS) technology.

Before you can enable the use of SSL certificates in FileCloud Server, you must have completed the following steps:

  1. Install and configure your Active Directory Server
  2. Install an SSL certificate on your Active Directory Server


To enable the use of SSL Certificates in FileCloud Server:

  1. Open a browser and log in to the admin portal.
  2. From the left navigation menu, under Settings, select the Settings tab.
  3. On the Settings screen, select the Authentication tab.
  4. On the Authentication tab, under Authentication Settings, select the Active Directory tab.
  5. On the Active Directory tab, under Active Directory Settings, in AD Port, change the number to 636.
  6. On the Active Directory tab, under Active Directory Settings, select the Use SSL check box.
  7. Click Save.

If connections fail after you make the above changes while non-SSL connections still work, you may need to set an additional OpenLDAP client parameter:

  1. Create an ldap.conf file.

    Windows Location: c:\openldap\sysconf\ldap.conf
    Ubuntu Location: /etc/ldap/ldap.conf 
    RHEL Location: /etc/openldap/ldap.conf

  2. Add the following lines to the ldap.conf file:

    #
    # LDAP Defaults
    #
    TLS_REQCERT never

  3. Restart the Apache server.

Note that TLS_REQCERT never tells the OpenLDAP client not to verify the AD server's certificate at all: the traffic is still encrypted, but a server presenting any certificate is accepted. If the underlying problem is that the certificate's issuing CA is not trusted by the FileCloud host, the narrower fix is to keep certificate checking and point TLS_CACERT in the same ldap.conf at the CA certificate file.



Connecting to Active Directory over TLS

To use TLS on the standard LDAP port instead of LDAPS, use port 389 instead of port 636.


To disable TLS 1.2 negotiation, if necessary, add the following to WWWROOT/thirdparty/adLDAP.php. The LDAPTLS_CIPHER_SUITE value is written in GnuTLS priority-string syntax, so it only takes effect when the OpenLDAP client library behind PHP's LDAP extension is built against GnuTLS. Excluding TLS 1.2 leaves only older protocol versions available, so apply it only when the AD server cannot negotiate TLS 1.2:

    if ($this->useSSL) {
        // Exclude TLS 1.2 from the OpenLDAP client's protocol selection
        // (GnuTLS priority-string syntax); must run before the TLS library
        // is initialised in this process.
        putenv("LDAPTLS_CIPHER_SUITE=NORMAL:!VERS-TLS1.2");
        $this->ldapConnection = ldap_connect("ldaps://" . $domainController, $this->adPort);
    } else {
        $this->ldapConnection = ldap_connect($domainController, $this->adPort);
    }
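As an added diagnostic that is not FileCloud's or adLDAP's own code, the PHP script below checks the connection that the Use SSL / port 636 procedure and the port 389 TLS variant rely on, with the domain controller's certificate verified against a CA you specify instead of skipped with TLS_REQCERT never. The host name, CA file path and bind account are placeholders; it assumes PHP 7.1 or later with the LDAP extension.

```php
<?php
// Added diagnostic (not part of FileCloud or adLDAP): checks that an AD
// server is reachable over LDAPS (port 636) or LDAP + StartTLS (port 389)
// with the server certificate actually verified. Values below are placeholders.

$host   = 'dc01.example.local';             // placeholder domain controller
$port   = 636;                              // 636 = LDAPS; 389 = LDAP + StartTLS
$caFile = '/etc/ssl/certs/ad-root-ca.pem';  // placeholder: CA that issued the DC cert
$bindDn = 'svc-filecloud@example.local';    // placeholder bind account
$bindPw = getenv('AD_BIND_PASSWORD');       // read from the environment, not the script

// TLS options are global in the OpenLDAP client, so set them with a null
// connection before ldap_connect(). This is the safe counterpart of
// "TLS_REQCERT never": demand a certificate and check it against $caFile.
ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
// Refuse anything older than TLS 1.2.
ldap_set_option(null, LDAP_OPT_X_TLS_PROTOCOL_MIN, LDAP_OPT_X_TLS_PROTOCOL_TLS1_2);

$uri  = ($port === 636 ? 'ldaps://' : 'ldap://') . $host . ':' . $port;
$conn = ldap_connect($uri);
if ($conn === false) {
    fwrite(STDERR, "Malformed LDAP URI: $uri\n");
    exit(1);
}
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);   // AD referrals break simple binds

// On port 389 the session starts in clear text; upgrade it before binding.
if ($port !== 636 && !@ldap_start_tls($conn)) {
    fwrite(STDERR, "StartTLS failed: " . ldap_error($conn) . "\n");
    exit(1);
}

if (!@ldap_bind($conn, $bindDn, $bindPw)) {
    // A certificate that fails verification surfaces here as a bind/connect error.
    fwrite(STDERR, "Bind failed: " . ldap_error($conn) . "\n");
    $diag = null;
    ldap_get_option($conn, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
    if ($diag) {
        fwrite(STDERR, "Server diagnostic: $diag\n");
    }
    exit(1);
}
echo "Secure bind to $uri succeeded with certificate verification enforced.\n";
ldap_unbind($conn);
```

Run it with `AD_BIND_PASSWORD=... php check-ad-tls.php` from the FileCloud host; a verification failure here, with the same CA file fixing it, points to a trust problem rather than a need to disable certificate checking.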