Page Comparison

...

...

...

...

Export Root CA from Active Directory Server

1. Log into the Active Directory domain server as domain administrator:

   Click Start → Windows Administrative Tools → Certificate Authority to open

   a Domain Administrator:

   1. Open the CA Microsoft Management Console (MMC) GUI .from Start → Windows Administrative Tools → Certificate Authority

      

   2. Highlight Right-click on the CA server Server and right-click to select CA Properties:

      

   3. From Select View Certificate from the General menu, click View Certificate:

      Image RemovedImage Added

   4. Select the Details view and click Copy to File on the lower-right corner of the window:

      Image Removed

      followed by Copy to File…:

      Image Added

   5. Use the Certificate Export Wizard to save the CA certificate file:

      

   6. Click Next, then select Select Next followed by Base-64 encoded X.509 (.CER):

      

   7. Click Select Browse to select the path to save where the root-CA is saved:

      

   8. Click FinishSelect Next.

Install the Root CA on Swarm Content Gateway

1. Copy the root-CA (acme-ca-bundle.crt) to the following location on all Swarm Content Gateway servers:

   Code Block
   /etc/pki/ca-trust/source/anchors/acme-ca-bundle.crt

2. Run the following command on each Swarm Content Gateway server:

   Code Block
   update-ca-trust

3. Restart the Swarm Content Gateway Services on each Swarm Content Gateway:

   Code Block
   systemctl restart cloudgateway

Test LDAPS connection from Swarm Content Gateway

1. Download the acert certificate verification utility to each Swarm Content Gateway server and verify the file against the SHA-256 checksums listed on the Duo Certification Verification Utility to each Swarm Gateway: website:

   Code Block
   cd /root/datacore

   
   

   curl -fLO https://dl.duosecurity.com/acert-linux

   
   

   chmod +x acert-linux

2. Make sure each Gateway server Verify all Swarm Content Gateway servers can reach the Active Directory server (e.g. ping / traceroute using tools such as ping, traceroute, or equivalent).

3. Run the following command to verify the LDAPS certificate:

   Code Block
   ./acert-linux -host ad.acme.local -port 636

Configure LDAPS on Swarm Content Gateway

1. Create a User account that can log in to Active Directory with read only access to LDAP/LDAPS.

2. Refer to https://perifery.atlassian.net/wiki/spaces/public/pages/2443816826/IDSYS+Document+Format#LDAP-and-AD-Fields to configure gateway authenticate authentication with Active Directory LDAP.

3. Change the protocol

   1. ldap ➔ ldaps

   2. Port 389 ➔ 636

4. Now, test if you are able Use the LDAPS/AD credentials to log in to the Content Gateway portal (UIC (content) Gateway portal using LDAPS/AD credentials.

5. In case the test login to the Swarm Content Gateway UI failedfails:
   

   

6. Verify errors by Request ID in /var/log/caringo/cloudgateway_server.log and follow the troubleshooting steps in LDAP Configuration .

   Code Block
   grep 'request_id' /var/log/caringo/cloudgateway_server.log

   Sample certificate error:
   2023-04-07 09:39:18,309 ERROR [qtp1357686726-9493|BC005B3EB68626F8] LDAPIdsys: Unable to connect to identity system ldaps://ad01.acme.internal:636 as ldapUser@acme.internal: javax.naming.CommunicationException: simple bind failed: ad01.acme.internal:636 [Root exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

Otherwise, your The configuration for LDAPS/AD integration should be complete !if no errors occur.