LDAPS for Managed AWS not Connecting

0

I'm having difficulty connecting to my Managed Active Directory instance via LDAPS.

I followed the manual instructions at the security blog here: https://aws.amazon.com/blogs/security/how-to-enable-ldaps-for-your-aws-microsoft-ad-directory/

(the automatic template wouldn't build for me so I used an archived version to set it up manually).

TLDR: it sets up a two-tier certificate authority setup with one root CA that is offline and one enterprise CA that is domain connected to the active directory, then creates a template for the active directory server to auto-enrol which enables LDAPS.

I have confirmed LDAPS has been enabled via ldp.exe on the management EC2 server instance for the directory.

I now want to communicate to the active directory instance from my application which is running on a separate EC2. This EC2 is NOT domain joined to the active directory, but does have rules allowing communications between the security groups of the EC2 and the EC2 of the active directory.

I'm using Java JNDI to connect. When using LDAP (port 389), it connects fine; however, when trying to use LDAPS (port 636) to open a connection/bind, I get exceptions saying the connection has closed.

I have never done anything with certificates before, so I am not sure what I am missing here. I'm guessing the EC2 instance with my application needs some sort of certificate to communicate to the LDAPS server but I'm struggling to find any useful information about it.

I've tried to generate a certificate request on the application EC2 instance but the enterprise CA rejects the request (says the user is not authorised), presumably as I don't have the right template set up/permissions. Is this the right path to go down?

Do I just need to find/copy the certificate that enabled LDAPS for the directory? Any help is much appreciated as I'm very much in the dark right now and struggling to debug.

Asked 4 months ago, viewed 105 times
No answers
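For the JNDI LDAPS bind described in the question, the piece the client side needs is trust in the enterprise CA chain that issued the directory's certificate, not a certificate of its own (a client certificate is only needed when the server demands client authentication). The following is an added Java example, not code from the question or from AWS; it assumes the root and subordinate CA certificates have been exported to a PEM file at a placeholder path, and uses placeholder host and account names.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Added example, not from the question. Trusts only the CA chain exported from
// the enterprise CA; the client needs no certificate of its own for server-auth LDAPS.
public class LdapsTrustFactory {
    static final String CA_PEM = "/etc/pki/ad-ca-chain.pem"; // hypothetical path
    // JNDI looks up this static method when java.naming.ldap.factory.socket names the class.
    public static SSLSocketFactory getDefault() {
        try (FileInputStream in = new FileInputStream(CA_PEM)) {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
            ts.load(null, null); // empty in-memory trust store
            int i = 0;
            for (Certificate c : cf.generateCertificates(in)) {
                ts.setCertificateEntry("ad-ca-" + i++, c); // root and subordinate CA certs
            }
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(ts);
            SSLContext ctx = SSLContext.getInstance("TLSv1.2");
            ctx.init(null, tmf.getTrustManagers(), null);
            return ctx.getSocketFactory();
        } catch (Exception e) {
            throw new IllegalStateException("cannot build LDAPS trust store from " + CA_PEM, e);
        }
    }
    public static void main(String[] args) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // Use a host name that matches the directory certificate's subject/SAN (placeholder values).
        env.put(Context.PROVIDER_URL, "ldaps://ad.example.internal:636");
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put("java.naming.ldap.factory.socket", LdapsTrustFactory.class.getName());
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "svc-app@example.internal"); // placeholder bind account
        env.put(Context.SECURITY_CREDENTIALS, System.getenv("LDAP_BIND_PASSWORD"));
        DirContext ctx = new InitialDirContext(env); // TLS handshake and bind happen here
        ctx.close();
    }
}
```

Modern JDKs verify the host name against the server certificate for LDAPS, so the URL must use a name the directory's certificate covers; a handshake that still fails after the chain is trusted is then a name or network issue rather than a trust one.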
