The Domain Controller is a key component of the ALD Pro system, which provides centralized management of the organizational structure, user accounts, group policies, and other domain objects.
It is based on the directory service (FreeIPA), which in turn is based on products such as 389 Directory Server (LDAP), MIT KDC (Kerberos), and BIND9 (DNS). The Chrony service is automatically installed and configured on ALD Pro Domain Controllers to create a hierarchy of time servers.
The directory service’s capabilities are complemented by group policy functions based on Salt scripts. The ALD Pro management portal allows you to create group policy objects using user and computer parameters and save this information to LDAP directory. And on domain computers, an autonomous service Salt Minion runs, that extracts these parameters from the LDAP directory, summarizes them, and applies them using universal Salt scripts.
When connecting via SSH to a virtual machine created from this image, the system will automatically launch an application with a pseudographical interface to complete the configuration. Using this application, you can configure the server as the primary controller in the domain or turn it into a replica in an existing domain to provide fault tolerance or horizontal load scaling.
ALD Pro Domain Controller Installation Manual по установке контроллера домена ALD Pro
You can install the ALD Pro Domain Controller in Yandex Cloud to solve one of the following tasks:
- Get familiar with the product features and the management portal interface.
- Organize centralized authentication/authorization of administrators on your Linux servers hosted in Yandex Cloud. Provide centralized settings configuration through the group policy mechanisms.
- Organize centralized management of user workstations. You will need to configure a VPN to connect users to the local network where the domain controllers are located.
- Provide centralized storage of user accounts for authentication in web applications using OAuth2, OIDC, SAML protocols when integrating the directory service with Keycloak.
Astra Linux
You can purchase technical support from official Astra Linux partners (on Russian). You can review the terms and conditions for technical support in the Technical Support Terms of Service (on Russian).
Yandex Cloud
Yandex Cloud does not provide technical support for this product. If you have any issues, please refer to the respective developer’s information resources.