---
title: "Using LDAP with a Cloud Platform application"
date: "2024-02-14T06:18:38+00:00"
summary: "Integrate LDAP with your Cloud Platform application for secure directory access. Learn how to install modules, configure SSL/TLS, and test connections. Follow our step-by-step guide to enable LDAP communication for your website."
image:
type: "page"
url: "/acquia-cloud-platform/using-ldap-cloud-platform-application"
id: "638bf3ab-2b4a-40a8-9afb-d77d234580eb"
---

You can configure your Cloud Platform website to communicate with the LDAP (Lightweight Directory Access Protocol) infrastructure on your internal network and access the directory information it contains. Use LDAP only if you do not require a web-friendly single sign-on (SSO) system (such as SimpleSAML).

Enable LDAP: Main steps
-----------------------

To enable communication between your LDAP infrastructure and your Cloud Platform application:

1.  [Install and enable the LDAP module](#cloud-install-enable-ldap-module).
2.  [(Optional) Get EIPs for your Cloud Platform environments](#cloud-get-eips).
3.  [Configure SSL/TLS (Secure Sockets Layer/Transport Layer Security) certificate validation](#cloud-configure-cert-validation).
4.  [Test your connection to the LDAP infrastructure](#cloud-test-ldap-connection).
5.  [Configure LDAPS](/acquia-cloud-platform/develop-apps/drupal-apps/ldap/configuring-ldaps).

Install and enable the LDAP module
----------------------------------

Make sure that your code repository contains a properly installed and enabled LDAP integration module for your application that matches your installed version of Drupal:

| Drupal version | Module |
| --- | --- |
| Drupal 7 | [Download the version 7.x module](https://www.drupal.org/project/ldap) from the LDAP project page at Drupal.org. |
| [Current Drupal version](/service-offerings/guide/software-life-cycle#supported-drupal-version) | [Download the module for the current Drupal version](https://www.drupal.org/project/ldap) from the LDAP project page at Drupal.org. |

(_Optional_) Get EIPs for your Cloud Platform environments
----------------------------------------------------------

Depending on how your LDAP infrastructure is configured, you may need to allowlist your Cloud Platform Production or non-Production environments or both. Since the IP address of a Cloud Platform infrastructure can change at any time, this may require one or more static IP addresses, using Elastic IP (EIP) assignments. To get EIPs assigned to your Cloud Platform environment’s Drupal infrastructure, [create a Support ticket](/service-offerings/support#contact-acquia-support).

For more information, see [Using Elastic IP addresses](/acquia-cloud-platform/manage-apps/domains/eip).

Configure SSL/TLS certificate validation
----------------------------------------

The best practice in a production environment is to use SSL and certificate validation for communication between your LDAP infrastructure and your Cloud Platform website, as described in [Configuring LDAPS](/acquia-cloud-platform/develop-apps/drupal-apps/ldap/configuring-ldaps). Initially, however, configure your system to not require certificate validation.

### Turn off SSL/TLS certificate validation in ldap.conf

Create an `ldap.conf` file that includes this line:

    TLS_REQCERT never

You can put this file anywhere that your application can access. The best place is in your application’s codebase, at the same level as your application’s docroot but not inside it. For example, you could create a directory named `ldap` and put the `ldap.conf` file there.

Specify the location of your `ldap.conf` file with an environment variable, `LDAPCONF`. For example, add a line like this to your `settings.php` file:

    putenv('LDAPCONF=../ldap/ldap.conf');

### Temporary alternative to creating an ldap.conf file

As a simpler alternative, instead of creating an `ldap.conf` file, you can add this line to your `settings.php` file, but it must be removed before enabling LDAP on your production website:

    putenv('LDAPTLS_REQCERT=never');
    

This line instructs the LDAP client not to request or check the server certificate when connecting to a remote LDAP infrastructure. Until the line is removed, your application will not bind with the remote infrastructure, though connection tests with `openssl` will appear successful.
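Because both the `ldap.conf` setting and the `settings.php` line must be gone before production, a pre-deployment check can fail the build while either is still present. The following is an added example, not Acquia's code: the function name and the sample file contents are assumptions made for illustration, and it also flags `allow`, which goes beyond the `never` value used on this page.

```python
import re
import sys

# TLS_REQCERT levels at which the OpenLDAP client proceeds without a valid
# server certificate. The page uses "never"; "allow" is added here because it
# also ignores a bad certificate.
WEAK = {"never", "allow"}

# ldap.conf directive, e.g. "TLS_REQCERT never" (keyword is case-insensitive).
CONF_RE = re.compile(r"^\s*TLS_REQCERT\s+(\S+)", re.IGNORECASE)
# settings.php call, e.g. putenv('LDAPTLS_REQCERT=never'); either quote style.
PUTENV_RE = re.compile(r"""(?i:putenv)\(\s*['"]LDAPTLS_REQCERT=([^'"\s]+)['"]\s*\)""")


def find_weak_reqcert(name, text):
    """Return (file, line_no, level) for each active weak setting in text."""
    findings = []
    is_php = name.endswith(".php")
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.lstrip()
        # Skip commented-out lines: '#' in ldap.conf; '//', '#', '*' in PHP.
        if stripped.startswith(("//", "#", "*", "/*") if is_php else "#"):
            continue
        m = PUTENV_RE.search(line) if is_php else CONF_RE.match(line)
        if m and m.group(1).lower() in WEAK:
            findings.append((name, no, m.group(1).lower()))
    return findings


# Constructed sample inputs, not taken from a real site.
SAMPLE_LDAP_CONF = "# temporary, connectivity testing only\nTLS_REQCERT never\n"
SAMPLE_SETTINGS = """<?php
putenv('LDAPCONF=../ldap/ldap.conf');
// putenv('LDAPTLS_REQCERT=never');
putenv("LDAPTLS_REQCERT=never");
"""
SAMPLE_HARDENED = "TLS_REQCERT demand\n"

if __name__ == "__main__":
    # Usage: python <this script> FILE... (pass ldap.conf and settings.php)
    hits = []
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            hits += find_weak_reqcert(path, fh.read())
    for name, no, level in hits:
        print(f"{name}:{no}: TLS_REQCERT={level} disables certificate validation")
    sys.exit(1 if hits else 0)
```

The script exits non-zero when a weak setting is active, so it can gate a production deployment; commented-out lines are ignored.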

Test your connection to the LDAP infrastructure
-----------------------------------------------

Test whether your application can connect to the LDAP infrastructure. [Connect to your infrastructure with SSH](/acquia-cloud-platform/manage-apps/command-line), and enter a command similar to the following:

    openssl s_client -connect [ldapserver.address.com]:[port]

Final step - Set up secure communication
----------------------------------------

After you have confirmed that your website can connect to the LDAP infrastructure, set up secure communication with LDAPS, as described in [Configuring LDAPS](/acquia-cloud-platform/develop-apps/drupal-apps/ldap/configuring-ldaps).