sasaconsult.blogg.se - Apache directory studio active directory authentication

#Apache directory studio active directory authentication code#
#Apache directory studio active directory authentication windows#

#Apache directory studio active directory authentication windows#

Let’s discuss the steps on creating a windows instance and adding it to the directory during the creation of the instance. We have used a windows EC2 joined to the created directory to execute the AD operations on the directory. Let’s create a platform to manage the things in managed AD. Once created the status of directory shows Active. It takes close to 40 -45 mins to get the directory service created. Review and click “ create directory” to get it provisioned.ħ. The last step is to just review the configuration of the required directory service. Next, give the network details like VPC and subnets and then click Next.Ħ. Next give the directory details like pricing tier, domain name, description and root password. Select the first option “ AWS Managed Microsoft AD” and then click N ext.Ĥ. Login to AWS console and click Directory Service :ģ.

The first step is to get Managed Microsoft AD to get configured on AWS.

This phase we would explain on steps of the creation of managed AD and configuring RSAT on EC2 for managing the Managed AD. We divided the entire migration into 3 phases which include from the creation of Managed AD on AWS till the application go live with Managed AD. We decided to carry the migration based on phases. Since its a production workload and close 12000+ users are present in Apache DS. Since the present, the application is working using LDAP, Changing the authentication protocol in the application layer was a major change.Īpache DS to managed AD Migration Process

AD LDAP authentication works on port 389 (LDAP protocol) but if the application wants to modify user attributes it can only be achieved through port 636 in Microsoft AD (LDAPS protocol) due to security constraints which basically works over SSL layer.

#Apache directory studio active directory authentication code#

Directory structure change “ CN=,OU=, DC=,DC=”.Since we need to change the same on code level in the application layer as well.The major challenges we had with integrating Managed AD with the application : The idea of using AWS service “Managed Microsoft AD” was sparked here. This is because it was not just from infrastructure change but also required major code level changes of application. This is the phase where we decided to work on Refactoring / Re-architecture the authentication platform of application. Generally, this would result in downtime of application and we had the challenge to give a permanent solution to it to reduce the downtime. We had an everyday issue where OAuth grant generally used to take more time and often the directory DB used to get corrupt and we would end up losing several users on Apache Directory. During the peak hours, ApacheDS is unable to handle the load and results in OOM.Apache DS database used to get corrupt randomly and results in data loss.During the bulk user creation /user modification (bulk write operations), the authentication process slows down and results in impacting the application performance.In this blog, we are demonstrating the migration process from ApacheDS to AWS Managed AD. Closely we had around 12000+ users in live with directory structure as “ cn= ,ou= ,o=”. Due to never-ending issues with ApacheDS, we had to migrate the users to AWS Managed AD. In our previous blog, we have discussed ApacheDS that was implemented for one of our customers.

Written by Karthik AU, Solutions Architect at Powerupcloud Technologies.