How to configure secure LDAP authentication (LDAPS)?

  1. Install ldap-utils, openssl and php-ldap (php4-ldap) packages.
  2. Upload LDAP server public certificate (or certification authority public certificate ) (PEM file) to the /etc/ssl/certs directory.
  3. Run the "c_rehash" command to create/update certificate hashes.
  4. Edit LDAP configuration file (/etc/ldap/ldap.conf) and add the following option: 
    TLS_CACERTDIR   /etc/ssl/certs
    Note: Between TLS_CACERTDIR and directory must be a TAB character (don't use a space)!
  5. Restart Apache web server.
  6. Now, you can verify connection by using the command: 
    ldapsearch -x -H ldaps://ldap.mydomain.com
  7. If it is success, you can use ldaps in your web authentication.