Query AD from DMZ via LDAP?





I have an application that sits in our DMZ that needs to query our
internal AD domain. I'd like to keep things as secure as possible. I
tried configuring a new domain in the DMZ in a separate forest,
creating a one-way trust, but I am unable to use LDAP to locate the
internal domain user from the DMZ domain.

The next step I thought I would try is to use ADAM. Would this be a
viable solution (using the proxy class)? My requirements are that I
can simply use LDAP (in the DMZ) to authenticate a user in our
internal AD domain. Determining group memberships would be a bonus.

Thanks for any ideas.

-emde



