
LDAP CERTIFICATE support is available in Cacti, but there is no documentation for it

Open TheWitness opened this issue 4 years ago • 3 comments

Describe the bug

In the following bug report, it is reported that Cacti already supports certificates for LDAP, but that there is no documentation. Please document it.

https://github.com/Cacti/cacti/issues/1573

TheWitness avatar Oct 27 '21 21:10 TheWitness

@bmfmancini One for you?

netniV avatar Nov 14 '21 13:11 netniV

Got it

bmfmancini avatar Nov 15 '21 21:11 bmfmancini

Yeah, the way we support it is by placing those settings in the environment of Apache/PHP, so that those variables can be found and processed. This was added a while ago. There is a version dependency of course, but if you are using something like PHP 7.3+, it should not be a problem. Here is the relevant code snippet.

        if (getenv('TLS_CERT') != '' && defined('LDAP_OPT_X_TLS_CERTFILE')) {
            cacti_log('NOTE: Settings TLS_CERT to ' . getenv('TLS_CERT'), false, 'AUTH', POLLER_VERBOSITY_HIGH);
            ldap_set_option(null, LDAP_OPT_X_TLS_CERTFILE, getenv('TLS_CERT'));
        }

        if (getenv('TLS_CACERT') != '' && defined('LDAP_OPT_X_TLS_CACERTFILE')) {
            cacti_log('NOTE: Settings TLS_CACERT to ' . getenv('TLS_CACERT'), false, 'AUTH', POLLER_VERBOSITY_HIGH);
            ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, getenv('TLS_CACERT'));
        }

        if (getenv('TLS_KEY') != '' && defined('LDAP_OPT_X_TLS_KEYFILE')) {
            cacti_log('NOTE: Settings TLS_KEY to ' . getenv('TLS_KEY'), false, 'AUTH', POLLER_VERBOSITY_HIGH);
            ldap_set_option(null, LDAP_OPT_X_TLS_KEYFILE, getenv('TLS_KEY'));
        }

        if (getenv('TLS_CACERTDIR') != '' && defined('LDAP_OPT_X_TLS_CACERTDIR')) {
            cacti_log('NOTE: Settings TLS_CACERTDIR to ' . getenv('TLS_CACERTDIR'), false, 'AUTH', POLLER_VERBOSITY_HIGH);
            ldap_set_option(null, LDAP_OPT_X_TLS_CACERTDIR, getenv('TLS_CACERTDIR'));
        }

TheWitness avatar Nov 26 '21 15:11 TheWitness
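
A preflight check for the four environment variables read by the snippet above, as an added example that is not part of the thread or of Cacti's code. The function name `check_ldap_tls_env` and the findings format are hypothetical; it assumes the script is served by the same Apache/PHP instance as Cacti, because a command-line PHP process normally has a different environment.

```php
<?php
// Environment variable => PHP LDAP constant, paired as in the snippet above.
const LDAP_TLS_ENV = [
    'TLS_CERT'      => 'LDAP_OPT_X_TLS_CERTFILE',
    'TLS_CACERT'    => 'LDAP_OPT_X_TLS_CACERTFILE',
    'TLS_KEY'       => 'LDAP_OPT_X_TLS_KEYFILE',
    'TLS_CACERTDIR' => 'LDAP_OPT_X_TLS_CACERTDIR',
];

// Returns a list of findings; an empty list means every variable that is set is usable.
function check_ldap_tls_env(): array {
    $findings = [];
    foreach (LDAP_TLS_ENV as $var => $const) {
        $path = getenv($var);
        if ($path === false || $path === '') {
            continue; // unset or empty: the snippet skips it as well
        }
        if (!defined($const)) {
            // The snippet ignores the variable without logging in this case.
            $findings[] = "$var is set but $const is not defined in this PHP build";
            continue;
        }
        $wantDir = ($var === 'TLS_CACERTDIR');
        if ($wantDir ? !is_dir($path) : !is_file($path)) {
            $findings[] = "$var=$path is not a " . ($wantDir ? 'directory' : 'regular file');
            continue;
        }
        if (!is_readable($path)) {
            $findings[] = "$var=$path is not readable by the current user";
            continue;
        }
        // Private key material should not be accessible to group or others.
        if ($var === 'TLS_KEY' && (fileperms($path) & 0077) !== 0) {
            $findings[] = sprintf('%s=%s has mode %04o; restrict it to the owner',
                $var, $path, fileperms($path) & 0777);
        }
    }
    return $findings;
}

$findings = check_ldap_tls_env();
echo $findings ? implode(PHP_EOL, $findings) . PHP_EOL : "LDAP TLS environment looks usable\n";
exit($findings ? 1 : 0);
```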