"LDAPSocketOpenError: invalid server address"

I am testing an automated AWS Workspaces integration with Managed AD, following the process in this AWS article: https://aws.amazon.com/blogs/desktop-and-application-streaming/automate-provisioning-of-amazon-workspaces-using-aws-lambda/

I deployed a standard AWS-managed Directory using name "domain.local", then deployed a single EC2 instance to the domain with AD tools so I could modify AD.

When creating the scheduled Cloudwatch rule, I included this custom JSON input (as described in Step 6 of the article):

{
  "LDAP_SERVER": "domain.local",
  "LDAP_USER": "domain\\aws_sync",
  "GROUP_FILTER": "(objectclass=group)",
  "USER_FILTER": "(objectclass=user)",
  "SECRET_NAME": "sync_svc",
  "WORKSPACE_GROUP_FRIENDLY_NAME": "workspace_users",
  "WORKSPACE_GROUP_DN": "OU=Workspaces,OU=domain,DC=domain,DC=local",
  "Directory_Id": "<MyDirectoryID>",
  "Bundle_Id": "wsb-8vbljg4r6",
  "WorkSpace_Properties": {
    "RunningMode": "AUTO_STOP",
    "RunningModeAutoStopTimeoutInMinutes": 60,
    "RootVolumeSizeGib": 80,
    "UserVolumeSizeGib": 50,
    "ComputeTypeName": "STANDARD"
  }
}

I've gone through the entire process in the article twice being VERY careful to follow instructions - but both times, the integration does not work and the Lambda function fails. In the Cloudwatch logs, I see this:

> [ERROR] LDAPSocketOpenError: invalid server address
> Traceback (most recent call last):
>   File "/var/task/lambda_function.py", line 37, in lambda_handler
>     conn = Connection(server, user=LDAP_USER, password=LDAP_PASSWORD, authentication=NTLM, auto_bind=True)
>   File "/var/task/ldap3/core/connection.py", line 363, in __init__
>     self._do_auto_bind()
>   File "/var/task/ldap3/core/connection.py", line 387, in _do_auto_bind
>     self.open(read_server_info=False)
>   File "/var/task/ldap3/strategy/sync.py", line 57, in open
>     BaseStrategy.open(self, reset_usage, read_server_info)
>   File "/var/task/ldap3/strategy/base.py", line 154, in open
>     raise LDAPSocketOpenError('invalid server address')

Can anyone shed light on the error? It says "invalid server address", suggesting the function cannot communicate with the domain controllers in the Managed Directory. I ensured that the Lambda function's security group is set to All Traffic and 0.0.0.0/0 for both inbound and outbound, just FYI.



Solution 1:

You need to update the DHCP options set for the VPC that the lambda function is running in.

https://docs.aws.amazon.com/directoryservice/latest/admin-guide/dhcp_options_set.html
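As an added illustration (not code from the question, the answer, or the AWS article): ldap3 resolves the server name before it opens a socket, so when the VPC's resolvers do not know the AD domain the name lookup fails and ldap3 reports "invalid server address". The first function makes that dependency visible as a pre-flight check; the rest applies the fix from the answer with boto3, using the real `ds.describe_directories`, `ec2.create_dhcp_options` and `ec2.associate_dhcp_options` calls. The directory ID, VPC ID and clients are supplied by the caller.

```python
# Added example, not part of the original post. Assumes boto3 'ds' and
# 'ec2' clients and a directory/VPC ID are passed in by the caller.
import socket


def resolve_ldap_server(host, resolver=socket.getaddrinfo):
    """Return the sorted IPs that 'host' resolves to, or [] on DNS failure.

    ldap3 does the same lookup before connecting; an empty result here is
    what surfaces as LDAPSocketOpenError('invalid server address').
    """
    try:
        infos = resolver(host, 389, proto=socket.IPPROTO_TCP)
    except OSError:  # socket.gaierror is a subclass of OSError
        return []
    return sorted({info[4][0] for info in infos})


def dhcp_configurations(domain_name, dns_ips):
    """Build the DhcpConfigurations payload for EC2 CreateDhcpOptions.

    The Managed AD domain controllers become the VPC's resolvers, so the
    AD domain name (and its _ldap._tcp SRV records) resolve inside the VPC.
    """
    if not dns_ips:
        raise ValueError("directory reports no DNS addresses")
    return [
        {"Key": "domain-name", "Values": [domain_name]},
        {"Key": "domain-name-servers", "Values": list(dns_ips)},
    ]


def apply_directory_dns_to_vpc(ds, ec2, directory_id, vpc_id):
    """Create a DHCP options set from the directory's DNS and attach it.

    'ds' and 'ec2' are boto3 clients; injecting them keeps the function
    runnable offline with fakes. Returns the new DhcpOptionsId.
    """
    desc = ds.describe_directories(DirectoryIds=[directory_id])
    directory = desc["DirectoryDescriptions"][0]
    created = ec2.create_dhcp_options(
        DhcpConfigurations=dhcp_configurations(
            directory["Name"], directory["DnsIpAddrs"]))
    dhcp_id = created["DhcpOptions"]["DhcpOptionsId"]
    ec2.associate_dhcp_options(DhcpOptionsId=dhcp_id, VpcId=vpc_id)
    return dhcp_id
```

Existing Lambda ENIs pick up the new resolvers only after the options set is associated, so re-run the scheduled rule rather than trusting a still-warm invocation.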

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Bryce