LDAPS setup

ldaps configuration when using ldaps, you must specify the "ldaps\ //" protocol at the beginning of the hostname and use port "636", for example ldaps\ //passwork local 636 to enable ldaps functionality, the passwork server must trust the ca certificates that issued the ldaps server’s certificate installing certificates certificates must be in the crt format ubuntu/debian create the directory /usr/local/share/ca certificates/ if it does not exist mkdir /usr/local/share/ca certificates/ place the ldaps server certificate in the following directory cp \<full path to the certificate> /usr/local/share/ca certificates/ update the trust store sudo update ca certificates centos allow dynamic configuration of the trust store update ca trust force enable place the ldaps server certificate in the /etc/pki/ca trust/source/anchors/ directory cp \<full path to the certificate> /etc/pki/ca trust/source/anchors/ update the trust store sudo update ca certificates docker to make a root ldaps certificate a trusted one, you need to copy a pem or crt certificate in to /conf/custom ca and restart the php container docker compose restart passwork php windows php for windows uses its own certificate store as such, if passwork is installed on a windows server, the php module responsible for ldap will not accept the ldap server certificate, even if it has been added to the windows trusted certificate store for php to accept the certificate, you need to create an openldap folder in your system root directory create a sysconf folder in the openldap folder create a ldap conf file in the sysconf folder with the following lines tls cacert c \openldap\sysconf\ldap example cer tls reqcert demand where tls cacert is the path to your certificate please note a certificate with the cer extension must include both the root and all intermediate certificates to connect correctly to the ldaps server; the certificate must be in base64 format if you open the certificate file with notepad, you will see the certificate hash ldaps debugging to test for possible certificate issues during connection, execute the following command openssl s client connect dc1 local 636 showcerts to verify the certificates, execute the following command openssl verify cafile rootcert pem untrusted intermediate pem usercert pem use the cafile directive to specify the certificate of the ca that issued the ldpas server certificate use the untrusted directive to specify the ldaps server certificate and the certificates of intermediate servers in the chain (if you have them)