summaryrefslogtreecommitdiff
path: root/doc/en_US/ldap-authentication.markdown
diff options
context:
space:
mode:
Diffstat (limited to 'doc/en_US/ldap-authentication.markdown')
-rw-r--r--doc/en_US/ldap-authentication.markdown27
1 files changed, 27 insertions, 0 deletions
diff --git a/doc/en_US/ldap-authentication.markdown b/doc/en_US/ldap-authentication.markdown
index e994c149..6d80e9db 100644
--- a/doc/en_US/ldap-authentication.markdown
+++ b/doc/en_US/ldap-authentication.markdown
@@ -153,6 +153,33 @@ define('LDAP_USER_BASE_DN', 'ou=People,dc=example,dc=com');
define('LDAP_USER_FILTER', 'uid=%s');
```
+Example for LDAPS (SSL-encryption)
+----------------------------------
+
+Some LDAP servers are configured for "LDAPS" connectivity only (on port 636). This is different to TLS, which starts off in cleartext (port 389 by default) and then sets up encryption over the same channel.
+
+To tell PHP to use LDAPS, you need to prefix the name of your LDAP server with "ldaps://", as in the example below:
+
+Our LDAP server is `myserver.example.com` and is only accessible via LDAPS. Most likely we won't want to validate the server cert, and we DON'T want TLS.
+
+For this example we use the anonymous binding.
+
+```php
+<?php
+
+// Enable LDAP authentication (false by default)
+define('LDAP_AUTH', true);
+
+// LDAP server hostname
+define('LDAP_SERVER', 'ldaps://myserver.example.com');
+
+// By default, require certificate to be verified for ldaps:// style URL. Set to false to skip the verification
+define('LDAP_SSL_VERIFY', false);
+
+// Enable LDAP START_TLS
+define('LDAP_START_TLS', false);;
+```
+
Disable automatic account creation
-----------------------------------
generated by cgit v1.2.3 (git 2.39.1) at 2024-10-20 22:15:13 +0000