bastillion-io / Bastillion-EC2

A web-based SSH console to execute commands and manage multiple EC2 instances simultaneously running on Amazon Web Services (AWS).

Home Page: https://www.bastillion.io/features.html#ec2box


LDAP (Active Directory) support

jyjohnson opened this issue · comments

Hi - I would really like to see the LDAP support (in skybox) ported over to EC2Box. In addition, I'm wondering if you can use the logged-in user's username as the username that is used to log in to the instance. Currently, admins are able to change the user name by clicking on it in the grid.

Both of these changes would really help me out, as it would allow my users to login using their active directory credentials and then use their username when connecting to the actual instance (this latter point helps w/ auditing).

If both items are too much to ask, the LDAP support (by itself) would be great.

Thanks!

Not sure how to have them login to the instance themselves with their AD credentials and use their username to the actual instance. Are you doing LDAP authentication now with your EC2 instances in lieu of public ssh keys?

Not sure I understand the question. Here's my desired use case:

I log in to Ec2box using my AD credentials (e.g., corp\jyjohnson). I pick an instance to start a terminal/ssh session. I would like 'jyjohnson' to automatically be used as the username instead of the default 'ec2-user'.

We are beginning to set up LDAP access directly to the instances now. We tried AWS Directory Services (with AD Controller) but could not get that to work. We're going to add read-only Domain Controllers to the VPC and use that.

Having users authenticate into EC2Box via LDAP/AD should be easier, but authenticating to the instance itself is all based on the SSH keys that you import.

I pick an instance to start a terminal/ssh session. I would like 'jyjohnson' to automatically be used as the username instead of the default 'ec2-user'.

Right, but would 'jyjohnson' use the private key that was imported to authenticate to the instance, or would he be using his LDAP credentials that he logged into EC2Box with?

And don't you have to configure PAM individually on the instances so that it will create the local users as you authenticate with LDAP? I don't think this setup is something AWS just does for you.
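The use case described in this thread (log in to the web app with a directory account such as corp\jyjohnson, then reuse the bare account name as the SSH login name on the instance, while the instance itself still authenticates the imported key) has two places where untrusted input meets a sensitive sink: the LDAP search filter and the SSH username. The following is an added example, not code from EC2Box or from any commenter; it assumes a UPN suffix `corp.example.com` and uses a fake `bind` callable in place of a real directory server so it runs offline. It normalizes `DOMAIN\user` and `user@realm` forms, escapes filter values per RFC 4515, refuses an empty password (which some servers treat as an unauthenticated bind), and only hands out an SSH login name that matches conservative POSIX username rules.

```python
"""Added example: directory login -> safe SSH login name, with LDAP filter escaping."""
import re
from typing import Callable, Optional

# Assumed AD realm used for UPN-style binds (assumption, not from the thread).
UPN_SUFFIX = "corp.example.com"

# Login names we are willing to pass to ssh as the remote user
# (assumption: the usual useradd rules, 32 chars, lowercase, no shell metacharacters).
SAFE_USER = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")


def normalize_login(login: str) -> str:
    """Reduce 'corp\\jyjohnson', 'jyjohnson@corp.example.com' or 'jyjohnson' to 'jyjohnson'."""
    name = login.strip()
    if "\\" in name:
        name = name.rsplit("\\", 1)[1]   # DOMAIN\user -> user
    elif "@" in name:
        name = name.split("@", 1)[0]     # user@realm -> user
    return name.lower()


def ssh_login_name(login: str) -> str:
    """Return the bare account name if it is safe to use as the SSH user, else raise."""
    name = normalize_login(login)
    if not SAFE_USER.fullmatch(name):
        raise ValueError(f"refusing to use {login!r} as an SSH login name")
    return name


def ldap_filter_escape(value: str) -> str:
    """RFC 4515 escaping for a value interpolated into an LDAP search filter."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)


def user_search_filter(login: str) -> str:
    """Filter that locates the account by sAMAccountName; the value is escaped, never raw."""
    return f"(&(objectClass=user)(sAMAccountName={ldap_filter_escape(normalize_login(login))}))"


def authenticate(login: str, password: str,
                 bind: Callable[[str, str], bool]) -> Optional[dict]:
    """Simple-bind as the user in UPN form (so no DN is built from untrusted input).

    Returns a session record on success, None on failure. An empty password is rejected
    up front because a simple bind with an empty password can succeed as an unauthenticated
    bind on some directory servers.
    """
    if not password:
        return None
    name = normalize_login(login)
    if not bind(f"{name}@{UPN_SUFFIX}", password):
        return None
    return {
        "directory_user": name,
        "ssh_user": ssh_login_name(name),          # raises if the name is not SSH-safe
        "search_filter": user_search_filter(name),
    }


# Constructed stand-in for the directory server (offline demo only).
_FAKE_DIRECTORY = {"jyjohnson@corp.example.com": "hunter2"}


def fake_bind(upn: str, password: str) -> bool:
    return _FAKE_DIRECTORY.get(upn) == password


if __name__ == "__main__":
    print(authenticate("corp\\jyjohnson", "hunter2", fake_bind))
    print(authenticate("jyjohnson@corp.example.com", "wrong", fake_bind))
    # An injection attempt in the login name is neutralized in the filter.
    print(user_search_filter("jyjohnson)(objectClass=*"))
```

The instance-side authentication is unchanged by this: the web app still presents the imported private key, and the directory login only decides which remote user name is requested, which is what gives the per-user audit trail the original request asks for.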

So any pointers on getting LDAP auth enabled for just EC2Box, not the instances themselves? I've had a good search for enabling it in Jetty but maybe I'm using the wrong search terms.

So, does EC2Box support LDAP authentication?

I believe this thread was discussing using LDAP on the EC2 instances themselves. I haven't added this as a feature to EC2Box yet.

+1 for steeevieee. I would like to see LDAP authentication as an option for logging into the EC2Box web app.

+1 Hello @skavanagh! Do you have plans to implement LDAP for EC2 box?

@skavanagh just to put this into context I manage a VPC that needs to be PCI compliant. We run OpenVPN to allow users to connect, and once they are in they can access EC2Box. OpenVPN binds to an LDAP directory (we use JumpCloud LDAP as a Service) and users log into OpenVPN using their LDAP credentials. If EC2Box allowed for LDAP authentication, users could use the same credentials to log into EC2Box.

A single ID and Password managed from a central location.

+1 - I'll try and find some time to work on it.