Using LDAP on an Acquia Cloud website

You can configure your Acquia Cloud website to communicate with the LDAP (Lightweight Directory Access Protocol) server on your internal network and access the directory information it contains. Use LDAP only if you do not require a web-friendly single sign-on (SSO) system (such as SimpleSAML or Shibboleth).

Enable LDAP: Main steps

Complete these main steps to enable communication between your LDAP server and your Acquia Cloud website:

  1. Install and enable the LDAP module.
  2. Optionally, get an Elastic IP address (EIP) for your Acquia Cloud environments.
  3. Configure SSL/TLS (Secure Sockets Layer/Transport Layer Security) certificate validation.
  4. Test your connection to the LDAP server.
  5. Configure LDAPS.

Install and enable the LDAP module

Make sure that your code repository contains a properly installed and enabled LDAP integration module for your website that matches your installed version of Drupal:

Get EIPs for your Acquia Cloud environments (optional)

Depending on how your LDAP server is configured, you may need to whitelist your Acquia Cloud production or non-production environments or both. Since the IP address of an Acquia Cloud server instance can change at any time, this may require you to get a static IP address, using an Elastic IP (EIP) address. To get an EIP for your Acquia Cloud environments, open an Acquia support ticket. For more information, see Using an Elastic IP address.

Configure SSL/TLS certificate validation

The best practice in a production environment is to use SSL and certificate validation for communication between your LDAP server and your Acquia Cloud website, as described in Configuring LDAPS. Initially, however, configure your system to not require certificate validation.

Turn off SSL/TLS certificate validation in ldap.conf

Create an ldap.conf file that includes this line:

TLS_REQCERT never

You can put this file anywhere that your website can access. The best place is in your website's codebase, at the same level, but not in your website's docroot. For example, you could create a directory named ldap and put the ldap.conf file there.

Specify the location of your ldap.conf file with an environment variable, LDAPCONF. For example, add a line like this to your settings.php file:

putenv('LDAPCONF=../ldap/ldap.conf');

As a simpler alternative, instead of creating an ldap.conf file, you can add this line to your settings.php file:

putenv('LDAPTLS_REQCERT=never');

Test your connection to the LDAP server

Test whether your website can connect to the LDAP server. Connect to your server with SSH, and then enter a command similar to the following:

openssl s_client -connect [ldapserver.address.com]:[port]

Final step - Set up secure communication

After you have confirmed that your website can connect to the LDAP server, set up secure communication with LDAPS (as described in Configuring LDAPS).

Drupal Projects

Add new comment

Plain text

  • No HTML tags allowed.
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.
By submitting this form, you accept the Mollom privacy policy.

Contact supportStill need assistance? Contact Acquia Support