Versions Compared

Version Old Version 6 New Version 7
Changes made by

Milton Suen

John Bell

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

NOTE: Assume NOTE: The TLS certificate used for LDAPS was must be created using Active Directory Certificate Services.!

Export Root CA from Active Directory Server

  1. Log on as domain administrator on into the Active Directory domain server .as domain administrator:

    1. Click Start 🢂 Windows Administrative Tools 🢂 Certificate Authority to open the CA Microsoft Management Console (MMC) GUI.

    2. Highlight the CA computer, server and right-click to select CA Properties.:

    3. From General menu, click View Certificate.:

    4. Select the Details view , and click Copy to File on the lower-right corner of the window.:

    5. Use the Certificate Export Wizard to save the CA certificate file:

    6. Click Next, then select Base-64 encoded X.509 (.CER):

    7. Click Browse to select path to save the root-CA:

    8. Click Finish.

Install Root CA on

...

Swarm Gateway

  1. Copy the root-CA (acme-ca-bundle.crt) to all Cloud Swarm Gateway servers:
    /etc/pki/ca-trust/source/anchors/acme-ca-bundle.crt

  2. Run below the following command on Cloud each Gateway server:
    update-ca-trust

  3. Restart Gateway Services on each Gateway:
    systemctl restart cloudgateway

Test LDAPS connection from

...

Swarm Gateway

  1. Download the Duo Certification Verification Utility to Cloud each Swarm Gateway:
    cd /root/datacore
    curl -fLO https://dl.duosecurity.com/acert-linux
    chmod +x acert-linuxRun below

  2. Make sure each Gateway server can reach the Active Directory server (e.g. ping / traceroute or equivalent).

  3. Run the following command to verify the LDAPS certificate:
    ./acert-linux -host ad.acme.local -port 636

  4. Make sure Cloud Gateway can reach Active Directory

Configure LDAPS on

...

Swarm Gateway

  1. Create a User account that can login log in to Active Directory with read only access to LDAP/LDAPS.

  2. Refer to LDAP Configuration to configure gateway authenticate with Active Directory LDAP.

  3. Change protocol

    1. ldap ➔ ldaps

    2. Port 389 ➔ 636

  4. Now should able login Cloud Gateway authenticate with Active Directory using LDAPS, test if you are able log in to the UIC (content) Gateway portal using LDAPS/AD credentials.

  5. In case the test login from Cloud to Swarm Gateway UI failed.:

  6. Verify errors by Request ID at in /var/log/caringo/cloudgateway_server.log.
    grep 'request_id' /var/log/caringo/cloudgateway_server.log
    Sample certificate error:
    2023-04-07 09:39:18,309 ERROR [qtp1357686726-9493|BC005B3EB68626F8] LDAPIdsys: Unable to connect to identity system ldaps://ad01.acme.internal:636 as ldapUser@acme.internal: javax.naming.CommunicationException: simple bind failed: ad01.acme.internal:636 [Root exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

Otherwise, your configuration for LDAPS/AD integration should be complete!