Re: LDAP in SBS 2003?
- From: "kj [SBS MVP]" <KevinJ.SBS@xxxxxxxxxxxxxxxxxx>
- Date: Tue, 23 Sep 2008 16:00:40 -0700
Cliff Galiher wrote:
Ahh... Yes, there is a better way.
I'm with you on this one, Cliff; there's at least one better way and probably
many better ways than exposing your AD to external authenticated LDAP
queries. (And because this is an authenticated connection to your SBS server
it would use a (at least one) device CAL for your external mail server.)
So, here's another way too. Maybe more work than Cliff's scripting, but for
larger scale solutions perhaps a preferable method (and it could avoid the
CAL requirement too):
http://technet.microsoft.com/en-us/library/cc783121.aspx
I have written a small Perl script that generates a txt file with the
addresses. With that Perl script, I can add any formatting the
program requires (like Postfix prefers an OK after each address) or
whatever. I then can customize the Perl script to *do* something
with that file.
I have this script in place to rsync a copy out to a postfix server.
Another version will use the perl HTTP libraries to update the valid
list out on a dyndns backup MX account.
The point is the script generates the list and the connection to
update the necessary server is OUTGOING, not INCOMING. And my LDAP
server is never exposed.
I personally would *STRONGLY* recommend this approach.
-Cliff
"Charles Lavin" <x@xxx> wrote in message
news:B596E1F0-C653-4499-8BAF-072150958E48@xxxxxxxxxxxxxxxx
There is no better way. I have an outside mail server that needs to
verify email addresses. I either maintain a separate list of email
addresses on the outside server, or (as they recommended) I set up
the outside server to perform LDAP queries on the SBS box. I would
much rather set this up to only allow LDAP queries from the outside
mail server and not from the Internet at large -- authenticated user
or not. Tnx
"Cliff Galiher" <cgaliher@xxxxxxxxx> wrote in message
news:fc2dndlbJYZn4kXVnZ2dnUVZ_qXinZ2d@xxxxxxxxxxxxxx
Well, Active Directory uses LDAP... so exposing the default LDAP
ports through your firewall is exposing Active Directory. This is
a *VERY BAD IDEA!!!!!*
So perhaps, if you can explain in more detail, what you are trying
to accomplish and what app needs this access, we can find a better
way. -Cliff
"Charles Lavin" <x@xxx> wrote in message
news:ur2lnNSHJHA.1308@xxxxxxxxxxxxxxxxxxxxxxx
Hi --
I have an SBS 2003 SP2 box running Windows Firewall (not ISA) and
also behind a Netopia router with firewall features.
I need to allow an outside server to perform LDAP queries on the
SBS box. I want to set it up so that LDAP queries are only allowed
from the IP address of this outside server.
Where do I find the proper docs to allow me to set this up? I
can't seem to find any suitable info on setting up LDAP on Windows
servers. I can set up pinholes on the Netopia router to allow the
LDAP ports through to the SBS box, but I have no IP address
control from there. Thanks,
CL
--
/kj
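
Added example (not part of the thread, and not Cliff's script, which is in Perl and is not shown here): one way to build the "address OK" list described above from the inside, so that only the finished file travels outbound. It assumes the addresses come from an LDIF export of the Active Directory proxyAddresses attribute; the sample data and all function names are constructed for illustration.

```python
import base64
import re

# Constructed sample: LDIF text with AD-style proxyAddresses values.
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=SBSUsers,DC=example,DC=local
proxyAddresses: SMTP:Alice@example.com
proxyAddresses: smtp:alice.example@example.com
proxyAddresses: X400:c=US;a= ;p=Example;o=Exchange;s=Example;g=Alice;

dn: CN=Bob Example,OU=SBSUsers,DC=example,DC=local
proxyAddresses:: U01UUDpib2JAZXhhbXBsZS5jb20=
proxyAddresses: smtp:bob.with.a.long.alias@exam
 ple.com
proxyAddresses: smtp:bad address@example.com
"""

# Conservative shape check: anything with whitespace or odd characters is
# dropped rather than written into the mail server's lookup table.
ADDR_RE = re.compile(r"^[A-Za-z0-9._%+'-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def unfold(ldif_text):
    """LDIF folds long lines: a newline followed by one space continues the previous line."""
    return re.sub(r"\r?\n ", "", ldif_text).splitlines()


def smtp_addresses(ldif_text):
    """Return the sorted, lower-cased, de-duplicated SMTP addresses in the export."""
    found = set()
    for line in unfold(ldif_text):
        name, _, value = line.partition(":")
        if name.lower() != "proxyaddresses":
            continue
        if value.startswith(":"):  # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        prefix, _, addr = value.strip().partition(":")
        addr = addr.strip().lower()
        if prefix.lower() == "smtp" and ADDR_RE.match(addr):  # skips X400 etc.
            found.add(addr)
    return sorted(found)


def postfix_recipient_map(ldif_text):
    """Format the list the way the thread describes for Postfix: 'address OK' per line."""
    return "".join(f"{addr} OK\n" for addr in smtp_addresses(ldif_text))


if __name__ == "__main__":
    print(postfix_recipient_map(SAMPLE_LDIF), end="")
```

The resulting file is what gets copied out to the external mail server over an outbound connection, so no LDAP port has to be opened inbound.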