After changing cipher suites on the Active Directory LDAPS server Aria Operations administrators want to ensure that Active Directory (AD) authentication uses AES encryption instead of legacy protocols like RC4. They need the best practice method to force secure communication to maintain security compliance for the following reasons:

• Requirement to move from RC4 to AES encryption for AD authentication.
• Need to ensure users can still log in after disabling older encryption protocols on the Domain Controller.

Aria Operations 8.18.x

Standard LDAP authentication (Port 389) operates unencrypted. Forcing AES encryption requires the use of LDAPS (LDAP over SSL/TLS) on Port 636.

To force AES encryption, you must configure the AD authentication source to use LDAPS by following these steps:

1. Import CA Certificates:
   • Obtain the Root and Intermediate (Sub-Root) CA certificates for your Active Directory environment.
   • Navigate to Administration > Control Panel > Trusted Certificates.
   • Click Import and upload the Root CA certificate. Repeat for all Intermediate certificates in the chain.
2. Configure Authentication Source:
   • Navigate to Administration > Authentication Sources.
   • Edit your Active Directory integration.
   • Ensure the Host FQDN field uses the Fully Qualified Domain Name of the DC (do not use an IP address).
   • Check the box for Require SSL.
3. Validate and Save:
   • Click Test Connection.
   • Accept any leaf certificates presented by the Domain Controllers if prompted.
   • Click Save once the test is successful.

Authentication Sources: Add Authentication Source for User and Group Import