Info: The TLS certificate used for LDAPS must be created using Active Directory Certificate Services.

Export Root CA from Active Directory Server

...

  1. Create a user account that can log in to Active Directory with read-only access to LDAP/LDAPS.

  2. Refer to https://perifery.atlassian.net/wiki/spaces/public/pages/2443816826/IDSYS+Document+Format#LDAP-and-AD-Fields to configure gateway authentication with Active Directory LDAP.

  3. Change the protocol and port:

    1. Protocol: change ldap to ldaps

    2. Port (ldapPort): change 389 to 636

  4. Use the LDAPS/AD credentials to log in to the Content Gateway portal (UIC).

    {
      "ldap": {
        "name": "ad-ldap",
        "description": "This is acme.local Active Directory LDAP configuration",
        "protocol": "ldaps",
        "ldaphost": "acme.local",
        "ldapport": "636",
        "adminDN": "CN=ldapuser,CN=Users,DC=acme,DC=local",
        "adminPassword": "P@ssw0rd",
        "userBase": "CN=Users,DC=acme,DC=local",
        "groupBase": "CN=Domain Admins,CN=Users,DC=acme,DC=local",
        "uidAttribute": "sAMAccountName",
        "userFilter": "objectclass=*",
        "groupMemberDNAttr": "",
        "groupMemberUidAttr": "member",
        "cookieName": "token",
        "tokenPath": "/.TOKEN/",
        "s3SecretKeyAttr": "dcadmin@"
      }
    }
  5. If the test login to the Swarm Content Gateway UI fails, look up the errors by Request ID in /var/log/caringo/cloudgateway_server.log and follow the troubleshooting steps in LDAP Configuration:

    grep '<request_id>' /var/log/caringo/cloudgateway_server.log

    Sample certificate error:
    2023-04-07 09:39:18,309 ERROR [qtp1357686726-9493|BC005B3EB68626F8] LDAPIdsys: Unable to connect to identity system ldaps://ad01.acme.internal:636 as ldapUser@acme.internal: javax.naming.CommunicationException: simple bind failed: ad01.acme.internal:636 [Root exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

    "PKIX path building failed" means the gateway's Java trust store holds no CA that can validate the certificate presented by the AD server; the Root CA exported from Active Directory Certificate Services (see the section above) has to be imported into that trust store before the LDAPS bind can succeed.
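The following is an added example (Python), not Perifery/Caringo code, for the two checks a practitioner wants before and after applying steps 3 and 4: a static consistency check of the IDSYS ldap block (protocol and port agree, no plaintext LDAP, bind identity present) and a live check that the AD server's certificate actually chains to the Root CA exported in the first section. It assumes the exported Root CA is available as a PEM file and that 636 is the LDAPS port in use; the sample configuration is constructed from the block above with the bind password replaced by a placeholder, and the function and parameter names are this example's own.

```python
from __future__ import annotations

import json
import socket
import ssl

# Constructed sample: the IDSYS "ldap" block from the steps above, with the
# bind password replaced by a placeholder. Not the gateway's own file.
SAMPLE_IDSYS = """
{
  "ldap": {
    "name": "ad-ldap",
    "protocol": "ldaps",
    "ldaphost": "acme.local",
    "ldapport": "636",
    "adminDN": "CN=ldapuser,CN=Users,DC=acme,DC=local",
    "adminPassword": "<bind-password>",
    "userBase": "CN=Users,DC=acme,DC=local",
    "uidAttribute": "sAMAccountName"
  }
}
"""


def check_ldap_config(idsys_text: str) -> list[str]:
    """Static checks on the IDSYS ldap block; an empty list means nothing to flag."""
    ldap = json.loads(idsys_text).get("ldap", {})
    findings = []
    proto = str(ldap.get("protocol", "")).lower()
    port = str(ldap.get("ldapport", ""))
    if proto != "ldaps":
        findings.append(
            f"protocol is {proto!r}: the bind password and directory queries "
            "would travel in cleartext; set protocol to ldaps"
        )
    if proto == "ldap" and port == "636":
        findings.append("protocol ldap with port 636: plaintext LDAP sent to the TLS port, the bind will fail")
    if proto == "ldaps" and port != "636":
        findings.append(f"ldapport {port!r} is not the AD LDAPS default (636); confirm it is intended")
    if not ldap.get("adminDN"):
        findings.append("adminDN is empty: no bind identity for directory lookups")
    for key in ("ldaphost", "userBase", "uidAttribute"):
        if not ldap.get(key):
            findings.append(f"{key} is missing")
    return findings


def verify_ldaps_chain(host: str, port: int, root_ca_pem: str, timeout: float = 5.0) -> tuple[bool, str]:
    """Live check (needs network, not run by the offline test): does the AD
    server's certificate chain to the Root CA exported from AD CS?
    root_ca_pem is the path to that exported PEM file (assumed to exist).
    A failure here has the same root cause as the gateway's PKIX error."""
    ctx = ssl.create_default_context(cafile=root_ca_pem)  # trust only the exported root
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                subject = dict(item[0] for item in tls.getpeercert()["subject"])
                return True, f"chain verified; server certificate subject: {subject}"
    except ssl.SSLCertVerificationError as exc:  # must precede OSError (it is a subclass)
        return False, f"chain verification failed: {exc.verify_message}"
    except OSError as exc:
        return False, f"connection failed: {exc}"


if __name__ == "__main__":
    for finding in check_ldap_config(SAMPLE_IDSYS) or ["config looks consistent"]:
        print(finding)
    # Live check, e.g.: verify_ldaps_chain("acme.local", 636, "/path/to/exported-root-ca.pem")
```

Because the context is built from the exported Root CA alone, verify_ldaps_chain fails on a server certificate issued by any other CA, which is exactly what a gateway with an unpopulated trust store will report as "unable to find valid certification path to requested target".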
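A small triage helper for cloudgateway_server.log, added here as an example and not part of the page or the gateway: it parses lines in the format of the sample above, filters to one Request ID the way the grep does, and maps the wrapped exception text to a first-cut cause. It assumes the hex field after the thread name inside the brackets is the Request ID the page refers to and that LDAP errors are logged by the LDAPIdsys logger; the first sample line is the page's PKIX example, the other two are constructed for contrast.

```python
from __future__ import annotations

import re

# Constructed sample log in the cloudgateway_server.log format shown above.
# Line 1 is the page's own PKIX example; lines 2 and 3 are made up for contrast.
SAMPLE_LOG = """\
2023-04-07 09:39:18,309 ERROR [qtp1357686726-9493|BC005B3EB68626F8] LDAPIdsys: Unable to connect to identity system ldaps://ad01.acme.internal:636 as ldapUser@acme.internal: javax.naming.CommunicationException: simple bind failed: ad01.acme.internal:636 [Root exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
2023-04-07 09:41:02,117 ERROR [qtp1357686726-9501|0A1B2C3D4E5F6789] LDAPIdsys: Unable to connect to identity system ldaps://ad01.acme.internal:636 as ldapUser@acme.internal: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 52e, v4563]
2023-04-07 09:42:10,500 INFO  [qtp1357686726-9502|1122334455667788] LDAPIdsys: Connected to identity system ldaps://ad01.acme.internal:636
"""

# Assumed layout: "<timestamp> <LEVEL> [<thread>|<request id>] <logger>: <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) (?P<level>[A-Z]+)\s+"
    r"\[(?P<thread>[^|\]]+)\|(?P<request_id>[0-9A-Fa-f]+)\] (?P<logger>\w+): (?P<msg>.*)$"
)
TARGET_RE = re.compile(r"ldaps?://\S+")

# Most specific marker first: the PKIX text must win over the generic
# CommunicationException that wraps it.
CAUSES = (
    ("PKIX path building failed", "untrusted-ca",
     "the gateway's Java trust store has no path to the CA that issued the AD certificate; "
     "import the Root CA exported from AD CS into that trust store"),
    ("SSLHandshakeException", "tls-handshake",
     "TLS handshake failed for another reason (protocol/cipher mismatch, hostname, expired certificate)"),
    ("error code 49", "bind-rejected",
     "AD rejected the bind: check adminDN and adminPassword, account lockout or disabled state"),
    ("CommunicationException", "unreachable",
     "the AD host/port did not answer: check ldaphost, ldapport and the firewall path"),
)


def classify(msg: str) -> tuple[str, str]:
    """Map the exception text to a (cause code, advice) pair."""
    for marker, code, advice in CAUSES:
        if marker in msg:
            return code, advice
    return "unknown", "no known marker; read the full message"


def parse_line(line: str) -> dict | None:
    """Parse one log line into its fields, or None if it does not match the layout."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    target = TARGET_RE.search(event["msg"])
    event["target"] = target.group(0) if target else None
    event["cause"], event["advice"] = classify(event["msg"])
    return event


def triage(log_text: str, request_id: str | None = None) -> list[dict]:
    """ERROR events from the LDAPIdsys logger, optionally limited to one Request ID:
    the programmatic equivalent of the grep above, plus a first classification."""
    events = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["level"] != "ERROR" or ev["logger"] != "LDAPIdsys":
            continue
        if request_id and ev["request_id"].upper() != request_id.upper():
            continue
        events.append(ev)
    return events


if __name__ == "__main__":
    for ev in triage(SAMPLE_LOG, "BC005B3EB68626F8"):
        print(ev["ts"], ev["request_id"], ev["target"], ev["cause"], "->", ev["advice"])
```

Run against the real file with `triage(open("/var/log/caringo/cloudgateway_server.log").read(), "<request_id>")`; the cause table is ordered so that a PKIX failure is reported as the trust-store problem rather than as the CommunicationException the gateway wraps it in.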

...