Dear Support Team, We were now able to create the certificates in a proper way so that SF is now running with SSL.
For the user Authentication we would like to use LDAP / ActiveDirectory. - How we can configure a LDAPS / Secure connection with Active Directory? - Due the fact that we are using an internal PKI, where do I need to populate the Root & Intermediate Certificates? - Since Active Directory does not allow anonymous LDAP queries, how and where can I configure a BIND user? Thanks in advance for your support. Cordialement, Best regards, Mourad Renaï Principal Engineer Software Integrator Engineering/Development e-mail:[email protected]<mailto:[email protected]> Direct: +33-1-30-17-85-39 Tech Center Veoneer France SAS Address: Rue du Petit Albi Parc SILIC Batiment Le Cerynie 95800 Cergy-Pontoise France [cid:[email protected]]<https://www.linkedin.com/company/18452321/> [cid:[email protected]]<https://twitter.com/Veoneer1> [cid:[email protected]]<https://www.youtube.com/channel/UCRO1uMYtcNm1pzmQly1L4nw> [cid:[email protected]]<https://www.facebook.com/Veoneer/> From: Fabien Boucher <[email protected]> Sent: vendredi 17 janvier 2020 12:44 To: Mourad Renai <[email protected]> Cc: [email protected]; Matthias Brogies <[email protected]>; Ludovic Martineau <[email protected]>; Karmaidine Mougamadou <[email protected]>; Niklas Storm <[email protected]> Subject: Re: [SF 3.3] AD/LDAP Authentication configuration support request pem is the container format, which is based on Base64. You'll find the self-signed one on your SF deployment here: /etc/pki/tls/certs/<fqdn>.crt You should use the same format. Cheers, Fabien On Fri, Jan 17, 2020 at 11:42 AM Mourad Renai <[email protected]<mailto:[email protected]>> wrote: Hello Mr Boucher, Thanks a lot for your quick answer. Here are questions from our IT-Service about ssl-certificates: Which style the certificate must have? Base64? Binary ? PFX ? We already tried to setup our own certificates and ran the sfconfig command, but get some errors. And till certificates configuration failed I thin we could not activate the AD/LDAP configuration. About the theming, I will have a look on ansible-roles/templates. Thanks Cordialement, Best regards, Mourad Renaï Principal Engineer Software Integrator Engineering/Development e-mail:[email protected]<mailto:[email protected]> Direct: +33-1-30-17-85-39 Tech Center Veoneer France SAS Address: Rue du Petit Albi Parc SILIC Batiment Le Cerynie 95800 Cergy-Pontoise France <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2F18452321%2F&data=02%7C01%7Cmourad.renai%40veoneer.com%7C132d60fe09fb4aaa270808d79b42af57%7C8112232996bb41cc905365e30c689cd5%7C0%7C0%7C637148583029413947&sdata=%2BUPf6Zsh112L2LAjidpcoNFnQf9bmdpYQjbNHG5QeDM%3D&reserved=0>[cid:[email protected]]<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2F18452321%2F&data=02%7C01%7Cmourad.renai%40veoneer.com%7C132d60fe09fb4aaa270808d79b42af57%7C8112232996bb41cc905365e30c689cd5%7C0%7C0%7C637148583029413947&sdata=%2BUPf6Zsh112L2LAjidpcoNFnQf9bmdpYQjbNHG5QeDM%3D&reserved=0><https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2F18452321%2F&data=02%7C01%7Cmourad.renai%40veoneer.com%7C132d60fe09fb4aaa270808d79b42af57%7C8112232996bb41cc905365e30c689cd5%7C0%7C0%7C637148583029413947&sdata=%2BUPf6Zsh112L2LAjidpcoNFnQf9bmdpYQjbNHG5QeDM%3D&reserved=0> <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2FVeoneer1&data=02%7C01%7Cmourad.renai%40veoneer.com%7C132d60fe09fb4aaa270808d79b42af57%7C8112232996bb41cc905365e30c689cd5%7C0%7C0%7C637148583029413947&sdata=hpkzMqCV0Xd5zRNck0kFIlQLXJX4MqUVRrEh38%2FjYZQ%3D&reserved=0>[cid:[email protected]]<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2FVeoneer1&data=02%7C01%7Cmourad.renai%40veoneer.com%7C132d60fe09fb4aaa270808d79b42af57%7C8112232996bb41cc905365e30c689cd5%7C0%7C0%7C637148583029413947&sdata=hpkzMqCV0Xd5zRNck0kFIlQLXJX4MqUVRrEh38%2FjYZQ%3D&reserved=0><https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2FVeoneer1&data=02%7C01%7Cmourad.renai%40veoneer.com%7C132d60fe09fb4aaa270808d79b42af57%7C8112232996bb41cc905365e30c689cd5%7C0%7C0%7C637148583029413947&sdata=hpkzMqCV0Xd5zRNck0kFIlQLXJX4MqUVRrEh38%2FjYZQ%3D&reserved=0> <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.youtube.com%2Fchannel%2FUCRO1uMYtcNm1pzmQly1L4nw&data=02%7C01%7Cmourad.renai%40veoneer.com%7C132d60fe09fb4aaa270808d79b42af57%7C8112232996bb41cc905365e30c689cd5%7C0%7C0%7C637148583029423942&sdata=Ne%2Bz1mMIk9KCGV9KjOg7x%2BY%2B4GMZq7zmuzp633EI%2B8Q%3D&reserved=0>[cid:[email protected]]<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.youtube.com%2Fchannel%2FUCRO1uMYtcNm1pzmQly1L4nw&data=02%7C01%7Cmourad.renai%40veoneer.com%7C132d60fe09fb4aaa270808d79b42af57%7C8112232996bb41cc905365e30c689cd5%7C0%7C0%7C637148583029423942&sdata=Ne%2Bz1mMIk9KCGV9KjOg7x%2BY%2B4GMZq7zmuzp633EI%2B8Q%3D&reserved=0><https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.youtube.com%2Fchannel%2FUCRO1uMYtcNm1pzmQly1L4nw&data=02%7C01%7Cmourad.renai%40veoneer.com%7C132d60fe09fb4aaa270808d79b42af57%7C8112232996bb41cc905365e30c689cd5%7C0%7C0%7C637148583029423942&sdata=Ne%2Bz1mMIk9KCGV9KjOg7x%2BY%2B4GMZq7zmuzp633EI%2B8Q%3D&reserved=0> <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2FVeoneer%2F&data=02%7C01%7Cmourad.renai%40veoneer.com%7C132d60fe09fb4aaa270808d79b42af57%7C8112232996bb41cc905365e30c689cd5%7C0%7C0%7C637148583029423942&sdata=c20%2BrjoeA47MoXWngdAPuRgy8HgPOJRJ0sEHyrbI6bE%3D&reserved=0>[cid:[email protected]]<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2FVeoneer%2F&data=02%7C01%7Cmourad.renai%40veoneer.com%7C132d60fe09fb4aaa270808d79b42af57%7C8112232996bb41cc905365e30c689cd5%7C0%7C0%7C637148583029423942&sdata=c20%2BrjoeA47MoXWngdAPuRgy8HgPOJRJ0sEHyrbI6bE%3D&reserved=0><https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2FVeoneer%2F&data=02%7C01%7Cmourad.renai%40veoneer.com%7C132d60fe09fb4aaa270808d79b42af57%7C8112232996bb41cc905365e30c689cd5%7C0%7C0%7C637148583029423942&sdata=c20%2BrjoeA47MoXWngdAPuRgy8HgPOJRJ0sEHyrbI6bE%3D&reserved=0> From: Fabien Boucher <[email protected]<mailto:[email protected]>> Sent: vendredi 17 janvier 2020 10:41 To: Mourad Renai <[email protected]<mailto:[email protected]>> Cc: [email protected]<mailto:[email protected]>; Matthias Brogies <[email protected]<mailto:[email protected]>>; Ludovic Martineau <[email protected]<mailto:[email protected]>>; Karmaidine Mougamadou <[email protected]<mailto:[email protected]>>; Niklas Storm <[email protected]<mailto:[email protected]>> Subject: Re: [SF 3.3] AD/LDAP Authentication configuration support request Hi, On Fri, Jan 17, 2020 at 9:53 AM Mourad Renai <[email protected]<mailto:[email protected]>> wrote: Hello, I’m software integrator on a software development project at Veoneer<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.veoneer.com%2F&data=02%7C01%7Cmourad.renai%40veoneer.com%7C132d60fe09fb4aaa270808d79b42af57%7C8112232996bb41cc905365e30c689cd5%7C0%7C0%7C637148583029433934&sdata=92TzD8l06coehhncXlzlWHhjS620txgTlnu7dqD5Xf8%3D&reserved=0>. We plan to setup a Continuous Integration engine based on your tool : Software-Factory, as it groups several tools and as described in the documentation “easy to setup”. We have setup initial configuration on SF v3.3 installation made on a virtual machine with CentOS 7. Please note that the last SF version is 3.4 https://www.softwarefactory-project.io/releases/3.4/<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.softwarefactory-project.io%2Freleases%2F3.4%2F&data=02%7C01%7Cmourad.renai%40veoneer.com%7C132d60fe09fb4aaa270808d79b42af57%7C8112232996bb41cc905365e30c689cd5%7C0%7C0%7C637148583029433934&sdata=2J4IkaWNxlcjeRtdbJu3bIOrAZ68H%2BOsP9wx1KcIW3A%3D&reserved=0> For now we only succeeded to run [sfconfig --provision-demo] + change our FQDN. The “welcome” page is reachable, but we have a warning (in Chrome) about certificates (error : NET::ERR_CERT_AUTHORITY_INVALID). Of course we can procced anyway to the link : [cid:[email protected]] We understood that the SF server should be updates with our certificates. Our IT service tried to do so within SF configuration, but the related document is not enough detailed to support us (https://softwarefactory-project.io/docs/operator/auths.html<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsoftwarefactory-project.io%2Fdocs%2Foperator%2Fauths.html&data=02%7C01%7Cmourad.renai%40veoneer.com%7C132d60fe09fb4aaa270808d79b42af57%7C8112232996bb41cc905365e30c689cd5%7C0%7C0%7C637148583029443925&sdata=xsyMoOxIzoCerHd1%2F%2FZ17%2FTt%2B5zwUwuOS3lHkhopfCE%3D&reserved=0>). Documentations for many others kind of authentications are more explained. So could you support us to these 2 points ? • Configure properly our SF server within our certificates Here, you'll find the process to setup your own certificates: https://softwarefactory-project.io/docs/operator/configuration.html#ssl-certificates<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsoftwarefactory-project.io%2Fdocs%2Foperator%2Fconfiguration.html%23ssl-certificates&data=02%7C01%7Cmourad.renai%40veoneer.com%7C132d60fe09fb4aaa270808d79b42af57%7C8112232996bb41cc905365e30c689cd5%7C0%7C0%7C637148583029443925&sdata=4tgFFH%2BKH33IDVbYgtEpYheE7tHyn%2B2W%2FZsRxZXKUlk%3D&reserved=0> • Configure connection of our SF Server with our Active Directory / LDAP We don't use this kind of authentication or are not aware of any other SF users using it. Thus it might need some debug. You'll need to set this configuration in sfconfig.yaml https://softwarefactory-project.io/cgit/software-factory/sf-config/tree/defaults/sfconfig.yaml#n78<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsoftwarefactory-project.io%2Fcgit%2Fsoftware-factory%2Fsf-config%2Ftree%2Fdefaults%2Fsfconfig.yaml%23n78&data=02%7C01%7Cmourad.renai%40veoneer.com%7C132d60fe09fb4aaa270808d79b42af57%7C8112232996bb41cc905365e30c689cd5%7C0%7C0%7C637148583029453917&sdata=yGTnUsPlNuIpBjYDESE1UaXm637vFmQVp%2BxRhQDzGTE%3D&reserved=0> and run sfconfig command again. Feel free to contribute back to SF code base any fixes if needed. Another “nice to have” topic is about how to make our SF Server web pages with our brand colors/logo ? I managed to update some html pages used by sf (sf/welcome.html as well as topmenu.html or also GeritHeaderSite.html)/ But each time the sfconfig command is executed, all these updates are overridden by default html files (I understand that all html pages are auto-generated depending on what project/component/services are configured on SF server). So is there a way to put our branding colors and logo? You might be able to make you changes directly in /usr/share/sf-config/ansible/roles/. This directory contains the ansible roles, files, templates used by sfconfig command. However, an updated of the sf-config package will overwrite your changes, so you'll need to save you change somewhere else too. Thanks in advance for your support. Cordialement, Best regards, Mourad Renaï Principal Engineer Software Integrator Engineering/Development e-mail:[email protected]<mailto:[email protected]> Direct: +33-1-30-17-85-39 Tech Center Veoneer France SAS Address: Rue du Petit Albi Parc SILIC Batiment Le Cerynie 95800 Cergy-Pontoise France <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2F18452321%2F&data=02%7C01%7Cmourad.renai%40veoneer.com%7C132d60fe09fb4aaa270808d79b42af57%7C8112232996bb41cc905365e30c689cd5%7C0%7C0%7C637148583029463921&sdata=Ml2fulBPk3Mij9k9asGB45Lh1o5CPGwFmpKziQWpOpU%3D&reserved=0>[cid:[email protected]]<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2F18452321%2F&data=02%7C01%7Cmourad.renai%40veoneer.com%7C132d60fe09fb4aaa270808d79b42af57%7C8112232996bb41cc905365e30c689cd5%7C0%7C0%7C637148583029463921&sdata=Ml2fulBPk3Mij9k9asGB45Lh1o5CPGwFmpKziQWpOpU%3D&reserved=0><https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2F18452321%2F&data=02%7C01%7Cmourad.renai%40veoneer.com%7C132d60fe09fb4aaa270808d79b42af57%7C8112232996bb41cc905365e30c689cd5%7C0%7C0%7C637148583029463921&sdata=Ml2fulBPk3Mij9k9asGB45Lh1o5CPGwFmpKziQWpOpU%3D&reserved=0> <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2FVeoneer1&data=02%7C01%7Cmourad.renai%40veoneer.com%7C132d60fe09fb4aaa270808d79b42af57%7C8112232996bb41cc905365e30c689cd5%7C0%7C0%7C637148583029473907&sdata=JHA8ywg7OkpX6DafQhXneNpC7fg8Y%2FvF3XHdwXkuILY%3D&reserved=0>[cid:[email protected]]<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2FVeoneer1&data=02%7C01%7Cmourad.renai%40veoneer.com%7C132d60fe09fb4aaa270808d79b42af57%7C8112232996bb41cc905365e30c689cd5%7C0%7C0%7C637148583029473907&sdata=JHA8ywg7OkpX6DafQhXneNpC7fg8Y%2FvF3XHdwXkuILY%3D&reserved=0><https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2FVeoneer1&data=02%7C01%7Cmourad.renai%40veoneer.com%7C132d60fe09fb4aaa270808d79b42af57%7C8112232996bb41cc905365e30c689cd5%7C0%7C0%7C637148583029473907&sdata=JHA8ywg7OkpX6DafQhXneNpC7fg8Y%2FvF3XHdwXkuILY%3D&reserved=0> <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.youtube.com%2Fchannel%2FUCRO1uMYtcNm1pzmQly1L4nw&data=02%7C01%7Cmourad.renai%40veoneer.com%7C132d60fe09fb4aaa270808d79b42af57%7C8112232996bb41cc905365e30c689cd5%7C0%7C0%7C637148583029493889&sdata=l6OUC0XU3p5at1sFi43n77oenSyd85lfPKVOgc41e5k%3D&reserved=0>[cid:[email protected]]<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.youtube.com%2Fchannel%2FUCRO1uMYtcNm1pzmQly1L4nw&data=02%7C01%7Cmourad.renai%40veoneer.com%7C132d60fe09fb4aaa270808d79b42af57%7C8112232996bb41cc905365e30c689cd5%7C0%7C0%7C637148583029493889&sdata=l6OUC0XU3p5at1sFi43n77oenSyd85lfPKVOgc41e5k%3D&reserved=0><https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.youtube.com%2Fchannel%2FUCRO1uMYtcNm1pzmQly1L4nw&data=02%7C01%7Cmourad.renai%40veoneer.com%7C132d60fe09fb4aaa270808d79b42af57%7C8112232996bb41cc905365e30c689cd5%7C0%7C0%7C637148583029493889&sdata=l6OUC0XU3p5at1sFi43n77oenSyd85lfPKVOgc41e5k%3D&reserved=0> <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2FVeoneer%2F&data=02%7C01%7Cmourad.renai%40veoneer.com%7C132d60fe09fb4aaa270808d79b42af57%7C8112232996bb41cc905365e30c689cd5%7C0%7C0%7C637148583029503896&sdata=hGSMBiWEc9r91%2FOH5x%2FZSM%2BDln%2BGo2WEPEbCKjhVOqM%3D&reserved=0>[cid:[email protected]]<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2FVeoneer%2F&data=02%7C01%7Cmourad.renai%40veoneer.com%7C132d60fe09fb4aaa270808d79b42af57%7C8112232996bb41cc905365e30c689cd5%7C0%7C0%7C637148583029503896&sdata=hGSMBiWEc9r91%2FOH5x%2FZSM%2BDln%2BGo2WEPEbCKjhVOqM%3D&reserved=0><https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2FVeoneer%2F&data=02%7C01%7Cmourad.renai%40veoneer.com%7C132d60fe09fb4aaa270808d79b42af57%7C8112232996bb41cc905365e30c689cd5%7C0%7C0%7C637148583029503896&sdata=hGSMBiWEc9r91%2FOH5x%2FZSM%2BDln%2BGo2WEPEbCKjhVOqM%3D&reserved=0> *************************************************************** Consider the environment before printing this message. To read the Company's Information and Confidentiality Notice, follow this link: http://www.veoneer.com/en/important-information-and-confidentiality-notice<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.veoneer.com%2Fen%2Fimportant-information-and-confidentiality-notice&data=02%7C01%7Cmourad.renai%40veoneer.com%7C132d60fe09fb4aaa270808d79b42af57%7C8112232996bb41cc905365e30c689cd5%7C0%7C0%7C637148583029513881&sdata=sIKznybIXvTAPuU4iJWVP9PldXMRpHNFcQ5g3FyVvcs%3D&reserved=0> *************************************************************** *************************************************************** Consider the environment before printing this message. To read the Company's Information and Confidentiality Notice, follow this link: http://www.veoneer.com/en/important-information-and-confidentiality-notice<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.veoneer.com%2Fen%2Fimportant-information-and-confidentiality-notice&data=02%7C01%7Cmourad.renai%40veoneer.com%7C132d60fe09fb4aaa270808d79b42af57%7C8112232996bb41cc905365e30c689cd5%7C0%7C0%7C637148583029523878&sdata=SyFwkqhjffnFDyX0JTuEf%2Bk5Vjc61CqQ5ShOold7HBI%3D&reserved=0> *************************************************************** *************************************************************** Consider the environment before printing this message. To read the Company's Information and Confidentiality Notice, follow this link: http://www.veoneer.com/en/important-information-and-confidentiality-notice ***************************************************************
_______________________________________________ Softwarefactory-dev mailing list [email protected] https://www.redhat.com/mailman/listinfo/softwarefactory-dev
