Add LDAPS configuration support for aws_directory_service_directory #12636
Comments
I think we'll also need to add the EnableLDAPS, DisableLDAPS and DescribeLDAPSSettings. I'm curious how the Enable/Disable works since both have the same fields/values.
Anything new about this?
Any update please?
Is this still ongoing?
I found my way here for the same needs -- enabling LDAPS for Active Directory Connector. Pending a feature improvement to the provider, has anyone solved via a workaround? I'm specifically thinking the use of the local provisioner to run a Python script and leverage boto3 to inject the certs and enable LDAPS mode. Or will this be more trouble than it is worth and should just stick to doing this out-of-band to our TF pipelines?
@cacack We currently use a null_resource with a local-exec provisioner and just call the API: `resource "null_resource" "ad_connector_cert_register" { depends_on = [`
Description
Per Microsoft security advisory ADV190023, Microsoft is deprecating the use of insecure LDAP connections to domain controllers. As such, it will be necessary to configure the CA certificates and LDAPS configuration of `aws_directory_service_directory` resources of type `ADConnector` or `MicrosoftAD` to avoid communications disruptions.
New or Affected Resource(s)
Potential Terraform Configuration
This design assumes that LDAPS is to be enabled if one or more certificates are specified.
An alternate design would be similar to the following:
However, this design fails to encapsulate the requirement that at least one certificate be associated with a directory before ldaps can be enabled.
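The ordering requirement in the description (a certificate must be registered before LDAPS can be enabled) and the boto3 workaround raised in the comments, sketched as an added example that is not code from this issue or from the Terraform provider. It uses the Directory Service client calls `list_certificates`, `register_certificate`, `describe_certificate`, `describe_ldaps_settings` and `enable_ldaps`; the function name `ensure_ldaps`, its parameters and the polling defaults are assumptions, and result pagination is not handled.

```python
import time

# Certificate states from which registration will never complete.
FAILED_CERT_STATES = {"RegisterFailed", "Deregistering", "Deregistered", "DeregisterFailed"}


def ensure_ldaps(ds, directory_id, ca_pem, poll_seconds=15, max_polls=40, sleep=time.sleep):
    """Idempotently register a CA certificate, then enable client-side LDAPS.

    ds is a boto3 Directory Service client; returns the API actions performed.
    (Hypothetical helper written for this example.)
    """
    actions = []

    # 1. Reuse an LDAPS certificate that is already registered or registering.
    certs = ds.list_certificates(DirectoryId=directory_id).get("CertificatesInfo", [])
    usable = [c for c in certs
              if c.get("Type", "ClientLDAPS") == "ClientLDAPS"
              and c.get("State") in ("Registered", "Registering")]
    if usable:
        cert_id = usable[0]["CertificateId"]
    else:
        cert_id = ds.register_certificate(
            DirectoryId=directory_id, CertificateData=ca_pem, Type="ClientLDAPS"
        )["CertificateId"]
        actions.append("register_certificate")

    # 2. LDAPS cannot be enabled until at least one certificate is Registered.
    for _ in range(max_polls):
        state = ds.describe_certificate(
            DirectoryId=directory_id, CertificateId=cert_id
        )["Certificate"]["State"]
        if state == "Registered":
            break
        if state in FAILED_CERT_STATES:
            raise RuntimeError(f"certificate {cert_id} is in state {state}")
        sleep(poll_seconds)
    else:
        raise TimeoutError(f"certificate {cert_id} never reached Registered")

    # 3. Enable LDAPS only if it is not already enabled or enabling.
    settings = ds.describe_ldaps_settings(DirectoryId=directory_id, Type="Client")
    statuses = {s.get("LDAPSStatus") for s in settings.get("LDAPSSettingsInfo", [])}
    if not statuses & {"Enabled", "Enabling"}:
        ds.enable_ldaps(DirectoryId=directory_id, Type="Client")
        actions.append("enable_ldaps")
    return actions
```

Called as `ensure_ldaps(boto3.client("ds"), directory_id, pem_text)`, a second run against the same directory performs no API writes, which is what makes it safe to re-run from a `local-exec` provisioner.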