How to connect to LDAP after joining an EC2 instance to a Directory Service domain?


Hi folks, I have set up Directory Service in AWS and created a Windows instance (management instance) to join the domain. I installed LDAP on the Windows server and configured public DNS (Alibaba Cloud DNS) to point to the EIP of the Windows server instance. Now, on the Windows server, I can use ldp.exe and the local domain to connect to the LDAP service, but if I want to use the public DNS name to connect to the LDAP service it fails, because the DNS name resolves to the Windows server's address. So how can I configure the public DNS to point to the domain controller? Or how can I configure the Windows server to forward traffic to the DCs? Thanks in advance if you can share your ideas about this. Best regards, Bryan

1 answer

My understanding is that the Directory Service is private, so it cannot be directly exposed to the internet.
The easiest way would be to add a load balancer to bridge the public/private subnets, pointing at the DS servers/endpoints.
However, exposing AD to the internet is not a great idea without lots of controls and security on AD and the VPC. Also bear in mind that AD uses more than just a single "server" DNS record.

What are you trying to achieve by opening up the directory to the internet?
It might be easier/wiser to create a "multi-site" AD setup and have a DC in another location/cloud that is connected to AWS via a secure network (VPN, DX).

answered a year ago
  • Thanks Robin. I am trying to enable RDS authentication with Kerberos, and our users are managed by FreeIPA, so I created an AWS Directory Service (AWS Managed AD) server instance and want to integrate Managed AD with FreeIPA using LDAP, but I am facing an issue while setting up the trust.
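The answer above points out that AD relies on more than one DNS record: a domain-joined client or a Kerberos trust looks up several SRV records (`_ldap._tcp`, `_ldap._tcp.dc._msdcs`, `_kerberos._tcp`, `_kerberos._udp`, `_kpasswd._tcp`) and expects every target to be a domain controller. The script below is an added example, not code from the thread, and uses only the Python standard library: a minimal DNS SRV client (query encoder plus a response parser that handles name compression), a helper that constructs a sample response offline, and a check that flags any SRV target whose address is not a DC, which is exactly the misrouting the question describes when a name resolves to the management server instead. The domain name, DC addresses, resolver address and hostnames in it are assumed placeholders.

```python
# Added example (not from the original thread): enumerate the DNS SRV records an
# AD/Kerberos client looks up for a domain, fetch them with a minimal stdlib DNS
# client, and flag any target that does not resolve to a domain controller.
# All hostnames, addresses and the domain below are assumed placeholders.
import socket
import struct

SRV = 33  # DNS RR type SRV (RFC 2782)

# Well-known SRV owner-name prefixes an AD client resolves before LDAP/Kerberos work.
AD_SRV_PREFIXES = (
    "_ldap._tcp.",
    "_ldap._tcp.dc._msdcs.",
    "_kerberos._tcp.",
    "_kerberos._udp.",
    "_kpasswd._tcp.",
)


def srv_names(domain):
    """All SRV owner names to check for an AD domain."""
    return [p + domain.rstrip(".") for p in AD_SRV_PREFIXES]


def encode_name(name):
    """Wire-encode a domain name as length-prefixed labels (no compression)."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".")) + b"\x00"


def build_query(qname, txid=0x1234):
    """Single-question SRV query with the RD (recursion desired) flag set."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(qname) + struct.pack("!HH", SRV, 1)


def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # pointer to an earlier name (RFC 1035 4.1.4)
            if not jumped:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped = True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)


def parse_srv(msg):
    """Return [(priority, weight, port, target)] from a DNS response's answer section."""
    _, _, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):           # skip the echoed question(s)
        _, off = read_name(msg, off)
        off += 4                  # QTYPE + QCLASS
    out = []
    for _ in range(an):
        _, off = read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == SRV:
            prio, weight, port = struct.unpack("!HHH", msg[off:off + 6])
            target, _ = read_name(msg, off + 6)
            out.append((prio, weight, port, target))
        off += rdlen
    return out


def query_srv(qname, resolver, timeout=3.0):
    """Send one UDP SRV query to a resolver and parse the reply (live network)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(qname), (resolver, 53))
        msg, _ = s.recvfrom(4096)
    return parse_srv(msg)


def encode_srv_response(qname, answers, txid=0x1234):
    """Build a response packet; used here only to construct sample input offline."""
    hdr = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, 0)
    body = encode_name(qname) + struct.pack("!HH", SRV, 1)
    for prio, weight, port, target in answers:
        rdata = struct.pack("!HHH", prio, weight, port) + encode_name(target)
        # 0xC00C = compression pointer back to the question name at offset 12
        body += b"\xC0\x0C" + struct.pack("!HHIH", SRV, 1, 600, len(rdata)) + rdata
    return hdr + body


def misrouted(records, resolve, dc_addrs):
    """SRV targets whose address is not a DC (e.g. the management host)."""
    bad = []
    for _, _, port, target in records:
        addr = resolve(target)
        if addr not in dc_addrs:
            bad.append((target, addr, port))
    return bad


if __name__ == "__main__":
    DOMAIN = "corp.example.com"               # assumed domain
    DC_ADDRS = {"10.0.1.10", "10.0.2.10"}     # assumed Managed AD DC addresses
    # Constructed sample: _ldap._tcp has one record pointing at the management host.
    sample = encode_srv_response("_ldap._tcp." + DOMAIN, [
        (0, 100, 389, "mgmt.corp.example.com"),
        (0, 100, 389, "dc1.corp.example.com"),
    ])
    fake_dns = {"mgmt.corp.example.com": "203.0.113.5", "dc1.corp.example.com": "10.0.1.10"}
    print(misrouted(parse_srv(sample), fake_dns.get, DC_ADDRS))
    # Live check against a VPC resolver (assumed 10.0.0.2):
    # for n in srv_names(DOMAIN): print(n, misrouted(query_srv(n, "10.0.0.2"), socket.gethostbyname, DC_ADDRS))
```

Run the live loop in the comment from a host inside the VPC against the directory's DNS addresses, then again from outside against the public resolver: any target listed by `misrouted` is a name that a Kerberos or LDAP client will contact but that does not reach a DC, which is the condition the question describes. The check only tells you where names point; it does not make exposing the DCs on the internet safe.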
