VMware Cloud Community
Mahen01
Contributor

Change from Integrated Windows Authentication (IWA) to LDAPS

Hey guys

I'm working on changing my authentication from IWA to LDAPS, as the user/group lookup happens via LDAP when you're using IWA.

The change is pretty much straightforward, as I'd have to delete the IWA identity source and recreate it as LDAPS.
But I'm unsure of what will happen to my already configured roles.
I have a ton of roles configured to use AD groups.
Would these be removed once I delete my IWA identity source? Or would they stay and continue to work after I recreate my identity source?

Has anyone else attempted this?

5 Replies
berndweyand
Expert

Yes, I'm currently changing the identity source type at my customers to avoid lockout when Microsoft does the change to LDAPS.

All roles and permissions remain intact.

Mahen01
Contributor

Awesome, thanks for the reply.

Did you do anything to back up the roles, permissions and user/groups? Or did you just cross your fingers and hope?

berndweyand
Expert

I didn't find any hint that it will impact roles and permissions - and I first tried it in a lab environment.

Mahen01
Contributor

Awesome, thanks!

nachogonzalez
Commander

Hey, hope you are doing fine.
If you change from LDAP to LDAPS on the same domain, the roles will not be touched since the SAM accounts do not change (and as you know, the roles are associated with the SAM accounts on AD).

When you remove the identity sources, AD users will be unable to authenticate, but once you add it back on LDAPS it will work again.

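Added example, not part of any post in this thread: one way to record roles and permissions before deleting the IWA identity source and to compare them once the LDAPS source has been added, as asked about earlier in the thread. It assumes VMware PowerCLI with an existing `Connect-VIServer` session; the function names and folder paths are hypothetical.

```powershell
# Snapshot vCenter roles and inventory permissions to CSV, then diff two snapshots.
# Assumption: VMware PowerCLI is loaded and Connect-VIServer has already been run.
# Global permissions are not returned by Get-VIPermission and are not covered here.

function Export-PermissionSnapshot {
    param([Parameter(Mandatory)][string]$Path)   # output folder (hypothetical name)

    New-Item -ItemType Directory -Path $Path -Force | Out-Null

    # Roles with their privilege lists, flattened so they fit in one CSV cell
    Get-VIRole |
        Select-Object Name, IsSystem,
            @{ N = 'Privileges'; E = { ($_.PrivilegeList | Sort-Object) -join ';' } } |
        Export-Csv -Path (Join-Path $Path 'roles.csv') -NoTypeInformation

    # Which principal (AD user or group) holds which role on which object
    Get-VIPermission |
        Select-Object @{ N = 'Entity'; E = { $_.Entity.Name } }, EntityId,
            Principal, IsGroup, Role, Propagate |
        Export-Csv -Path (Join-Path $Path 'permissions.csv') -NoTypeInformation
}

function Compare-PermissionSnapshot {
    param(
        [Parameter(Mandatory)][string]$Before,
        [Parameter(Mandatory)][string]$After
    )
    $keys = 'EntityId', 'Principal', 'IsGroup', 'Role', 'Propagate'
    $old  = @(Import-Csv (Join-Path $Before 'permissions.csv'))
    $new  = @(Import-Csv (Join-Path $After  'permissions.csv'))

    # SideIndicator '<=' : assignment existed only before the change (lost)
    # SideIndicator '=>' : assignment exists only after the change (new)
    # A principal whose name is spelled differently afterwards shows up as one of each.
    Compare-Object -ReferenceObject $old -DifferenceObject $new -Property $keys |
        Sort-Object Principal, EntityId
}

# Usage:
#   Export-PermissionSnapshot -Path .\before
#   (delete the IWA identity source, add the LDAPS identity source)
#   Export-PermissionSnapshot -Path .\after
#   Compare-PermissionSnapshot -Before .\before -After .\after
```

An empty result from `Compare-PermissionSnapshot` means every recorded assignment is unchanged; `roles.csv` is kept as a reference for recreating a role by hand if needed.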