Hey guys
I'm working on changing my authentication from IWA to LDAPS, as the user/group lookup happens via LDAP when you're using IWA.
The change is pretty much straightforward, as I'd have to delete the IWA identity source and recreate it as LDAPS.
But I'm unsure of what will happen to my already configured roles.
I have a ton of roles configured to use AD groups.
Would these be removed once I delete my IWA identity source? Or would they stay and continue to work after I recreate my identity source?
Has anyone else attempted this?
Yes, I'm currently changing the identity source type at my customers to avoid lockout when Microsoft does the change to LDAPS.
All roles and permissions remain intact.
Awesome thanks for the reply.
Did you do anything to back up the roles, permissions and user/groups? Or did you just cross your fingers and hope?
I didn't find any hint that it will impact roles and permissions - and I first tried it in a lab environment.
Awesome, thanks!
Hey, hope you are doing fine.
If you change from LDAP to LDAPS on the same domain, the roles will not be touched, since the SAM accounts do not change. (And, as you know, the roles are associated with the SAM accounts on AD.)
When you remove the identity sources, AD users will be unable to authenticate, but once you add it back on LDAPS it will work again.