Using LDAP on an Acquia Cloud website
You can configure your Acquia Cloud website to communicate with the LDAP (Lightweight Directory Access Protocol) server on your internal network and access the directory information it contains. Use LDAP only if you do not require a web-friendly single sign-on (SSO) system (such as SimpleSAML or Shibboleth).
Enable LDAP: Main steps
Complete these main steps to enable communication between your LDAP server and your Acquia Cloud website:
- Install and enable the LDAP module.
- Configure SSL/TLS (Secure Sockets Layer/Transport Layer Security) certificate validation.
- Test your connection to the LDAP server.
- Configure LDAPS.
Install and enable the LDAP module
Make sure that your code repository contains a properly installed and enabled LDAP integration module for your website, based on your installed version of Drupal:
- Drupal 7.x - Download the version 7.x module from the LDAP project page at drupal.org.
- Drupal 6.x - Download the version 6.x module from the LDAP integration project page at drupal.org.
Configure SSL/TLS certificate validation
The best practice in a production environment is to use SSL and certificate validation for communication between your LDAP server and your Acquia Cloud site, as described in Configuring LDAPS. Initially, however, configure your system to not require certificate validation.
Turn off SSL/TLS certificate validation in ldap.conf
ldap.conf file that includes this line:
You can put this file anywhere that your site can access. The best place is in your site's codebase, at the same level, but not in your site's docroot. For example, you could create a directory named
ldap and put the
ldap.conf file there.
Specify the location of your
ldap.conf file with an environment variable,
LDAPCONF. For example, add a line like this to your
As a simpler alternative, instead of creating an
ldap.conf file, you can just add this line to your
Test your connection to the LDAP server
Test whether your website can connect to the LDAP server. Connect to your server with SSH, and then enter a command like:
openssl s_client -connect [ldapserver.address.com]:[port]
After you've confirmed that your website can connect to the LDAP server, set up secure communication with LDAPS, as described in Configuring LDAPS.