From 0d97af04eb4837f6a7bf56ac9513a3dff686b965 Mon Sep 17 00:00:00 2001 From: Dominique Barton Date: Thu, 20 Nov 2025 23:56:08 +0100 Subject: [PATCH] Document TLS CA certificate for LDAP connectivity Check out the following issue for more information regarding this topic: https://github.com/roundcube/roundcubemail-docker/issues/382 --- plugins/password/README | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/plugins/password/README b/plugins/password/README index cf63d61e61..9cbcc4eb1d 100644 --- a/plugins/password/README +++ b/plugins/password/README @@ -194,6 +194,19 @@ See config.inc.php.dist file. Requires PEAR::Net_LDAP2 package. + Please note when connecting to an LDAP server with either SSL (`ldaps://`), + or StartTLS, you've to ensure the SSL certificate of the LDAP server must be + a valid certificate. Since PHPs `ldap_bind()` method uses the underlying + LDAP bindings, you've to configure `/etc/ldap/ldap.conf` with the appropriate + CA certificate, for example: + + ``` + TLS_CACERT /etc/ssl/certs/ca-certificates.crt + ``` + + This should work for an certificate signed by an «official CA». If you've your + private certificate authority, ensure you point `TLS_CACERT` to your CA + certificate. 2.1.5. DirectAdmin Control Panel (directadmin) ----------------------------------------------
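Review bot: In the paragraph added after "Requires PEAR::Net_LDAP2 package.", `/etc/ldap/ldap.conf` is presented as the file to edit, but that is the Debian/Ubuntu location; OpenLDAP client libraries on other distributions read a different path (for example `/etc/openldap/ldap.conf` on RHEL-style systems). Suggest wording it as "your system's ldap.conf (e.g. `/etc/ldap/ldap.conf` on Debian)". The first added sentence also doubles up ("you've to ensure ... must be a valid certificate") and would read better as "the LDAP server must present a certificate that validates against a trusted CA"; "PHPs" should be "PHP's", "an certificate" should be "a certificate", and "If you've your private certificate authority" should be "If you run your own certificate authority". Since this note will mostly be read by someone debugging a failed bind, consider adding one sentence saying the fix is to supply the correct CA via `TLS_CACERT` rather than relaxing verification with `TLS_REQCERT never`. The file is a plain `README` with no markdown extension, so an indented example line would match the surrounding text better than the triple-backtick fence.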