[TASK][DOC] Describe workaround for untrusted LDAP server certificate

xperseguers · xperseguers · commit ec2b6232e844 · 2017-10-04T09:38:22.000+02:00
Related: #82658 Change-Id: Icf65c6eeb6829fc1a31aa52d40baab09289c03e1 Reviewed-on: https://review.typo3.org/54280 Reviewed-by: Xavier Perseguers <xavier@typo3.org> Tested-by: Xavier Perseguers <xavier@typo3.org>
diff --git a/Documentation/AdministratorManual/Ldap.rst b/Documentation/AdministratorManual/Ldap.rst
@@ -75,6 +75,16 @@ SSL
 Whether you want to use :abbr:`SSL (Secure Socket Layer)`, that is start with an encrypted connection on default port
 636.
 
+.. note::
+    Some web servers may fail at connecting to the LDAP server since they report that the server certificate is
+    untrusted (although issued by a valid CA such as Letsencrypt). In case this happens and you cannot change the web
+    server configuration (e.g., shared hosting), you may add this line to :file:`typo3conf/AdditionalConfiguration.php`:
+
+    .. code-block:: php
+
+        // Always trust the LDAP server certificate
+        putenv('LDAPTLS_REQCERT=never');
+
 
 .. _admin-manual-ldap-binddn:
 
