NOTE: The TLS certificate used for LDAPS must be created using Active Directory Certificate Services!
Export Root CA from Active Directory Server
...
Create a user account that can log in to Active Directory with read-only access to LDAP/LDAPS.
Refer to LDAP Configuration to configure the gateway to authenticate with Active Directory LDAP.
Change the protocol and port:
Protocol: ldap ➔ ldaps
Port: 389 ➔ 636
Now test whether you can log in to the UIC (Content) Gateway portal using LDAPS/AD credentials.
If the test login to the Swarm Gateway UI fails:
Look up the errors by Request ID in
/var/log/caringo/cloudgateway_server.log
and follow the troubleshooting steps in LDAP Configuration:
grep 'request_id' /var/log/caringo/cloudgateway_server.log
Sample certificate error (the "PKIX path building failed" message means the gateway's Java trust store does not trust the CA that issued the AD server's certificate):
2023-04-07 09:39:18,309 ERROR [qtp1357686726-9493|BC005B3EB68626F8] LDAPIdsys: Unable to connect to identity system ldaps://ad01.acme.internal:636 as ldapUser@acme.internal: javax.naming.CommunicationException: simple bind failed: ad01.acme.internal:636 [Root exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
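As an added example (not part of this article or of the gateway's own tooling), the shell functions below pull the log lines for a Request ID, flag the PKIX trust failure shown above, and check the AD server's certificate chain against the exported root CA with openssl. The root-CA path and the second sample log line are assumptions.

```shell
#!/bin/sh
# Added example (not from the gateway documentation): triage a failed LDAPS
# login on the Content Gateway by Request ID and, separately, verify the AD
# server's certificate chain against the root CA exported from AD CS.
# LOG is the path named in the page; ROOT_CA is an assumed location.
LOG=${LOG:-/var/log/caringo/cloudgateway_server.log}
ROOT_CA=${ROOT_CA:-/tmp/ad-root-ca.pem}

# Print every log line carrying the given Request ID (the token after '|'
# in the bracketed thread field, e.g. BC005B3EB68626F8).
lines_for_request() {        # $1 = request id, $2 = log file
    grep -F "|$1]" "$2" || true
}

# Classify the LDAPS failure recorded for a Request ID. Prints one of:
#   untrusted-ca  "PKIX path building failed": the gateway's Java trust store
#                 has no CA for the AD certificate; the exported root CA must
#                 be trusted by the gateway
#   ldaps-error   another "LDAPIdsys: Unable to connect" error (port, DNS, ...)
#   none          no LDAPIdsys connection error for that request
classify_request() {         # $1 = request id, $2 = log file
    errs=$(lines_for_request "$1" "$2" | grep -F 'LDAPIdsys: Unable to connect' || true)
    if [ -z "$errs" ]; then
        echo none
    elif printf '%s\n' "$errs" | grep -q 'PKIX path building failed'; then
        echo untrusted-ca
    else
        echo ldaps-error
    fi
}

# Live check: does the LDAPS endpoint's chain validate against the exported
# root CA? Succeeds only when openssl prints "Verify return code: 0 (ok)".
check_ldaps_chain() {        # $1 = AD host, $2 = port (636), $3 = root CA PEM
    openssl s_client -connect "$1:$2" -servername "$1" -CAfile "$3" </dev/null 2>/dev/null |
        grep -q 'Verify return code: 0 (ok)'
}

# Constructed sample log for an offline dry run: the page's certificate error
# plus one constructed, unrelated failure for a second request.
SAMPLE=$(mktemp)
cat >"$SAMPLE" <<'EOF'
2023-04-07 09:39:18,309 ERROR [qtp1357686726-9493|BC005B3EB68626F8] LDAPIdsys: Unable to connect to identity system ldaps://ad01.acme.internal:636 as ldapUser@acme.internal: javax.naming.CommunicationException: simple bind failed: ad01.acme.internal:636 [Root exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
2023-04-07 09:40:02,111 ERROR [qtp1357686726-9501|0A1B2C3D4E5F6071] LDAPIdsys: Unable to connect to identity system ldaps://ad01.acme.internal:636 as ldapUser@acme.internal: javax.naming.CommunicationException: ad01.acme.internal:636 [Root exception is java.net.ConnectException: Connection refused]
EOF

# On a real gateway: classify_request <request_id> "$LOG"
#                    check_ldaps_chain ad01.acme.internal 636 "$ROOT_CA"
classify_request BC005B3EB68626F8 "$SAMPLE"   # prints: untrusted-ca
```

The chain check needs network access to the domain controller, so it is not exercised by the offline dry run; an "untrusted-ca" result with a passing chain check points at the gateway's Java trust store rather than the AD certificate itself.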
...