Set up phabricator with LDAP authentication on Deb

On a server running Debian 8, how can I set up phabricator so that users are authenticated using a local LDAP server?

(Choosing LDAP because the same accounts should also be used by other web applications on the same server later)

Replace all occurrences of ***** with secure passwords and store them safely.

Replace all occurrences of example.com with something sensible.

Use ssh X11 tunneling for the jxplorer application if you have no local X.

apt-get install emacs aptitude dbconfig-common debconf fonts-font-awesome jq \
    php5-fpm libjs-raphael php5-cli php5-curl mysql-server php5-mysql \
    php5-ldap po-debconf ucf nginx php5-apcu php5-gd npm python mc git \
    default-jdk jxplorer slapd xauth

New password for the mysql root user: *****

Admin password for LDAP: *****

mysql -u root -p
mysql> grant all privileges on `phabricator\_%`.* to 'phabricator'@localhost identified by '*****';
mysql> exit

dpkg-reconfigure slapd

Enter

domain: users.example.com,
company name: example
everywhere else, accept the defaults

start jxplorer, connect, enter

Base DN: dc=users,dc=example,dc=com
Level: user + password
User DN: cn=admin,dc=users,dc=example,dc=com
Password: What you used earlier

save connection settings if you like

Add new users below "users" with objectClass account,simpleSecurityObject:

uid=developer,userPassword=*****,submit
uid=reviewer,userPassword=*****,submit
uid=webadmin,userPassword=*****,submit
uid=anonymous,userPassword=*****,submit

Exit jxplorer

Download debian binary packages from testing distribution: phabricator, arcanist, libphutil. Use https://packages.debian.org/testing/phabricator to find the download links

# in the directory where these 3 packages have been downloaded to
dpkg -i *.deb

phabricator domain: phabricator.example.com web server: nginx MySQL administrator account username: phabricator

Setup DNS: Either have phabricator.example.com point to your server in DNS. Or add the ip address of the server to the client's /etc/hosts file as phabricator.example.com

service nginx restart

if this fails, then issue

nginx -t

to get the error message.

if the error message is

nginx: [emerg] could not build the server_names_hash, you should increase server_names_hash_bucket_size: 32 then edit /etc/nginx/nginx.conf to include something like

http {
    server_names_hash_bucket_size 64;
    ...
}

Open http://phabricator.example.com/ in a web browser. It displays:

Authentication Failure. Your login session is invalid. Try reloading the page and logging in again. If that does not work, clear your browser cookies.

So I reload.

On the web page: