Re: LDAP and A/D security over internet

Subject: Re: LDAP and A/D security over internet
Posted by:  Anthony (
Date: Tue, 6 Feb 2007

Well first, your sponsor is being very considerate. Most people just shove
up another website and expect everyone else to remember a new logon. Your
sponsor wants to authenticate users with their existing logon. The question
is how to do this.
Who is using the portal? Is it just people on your campus, or others in the
sponsor organisations?

"Peter Hoffman" <PeterHoffm…> wrote in message
> Hi, we are a college campus Win03 SP1, single domain. I have a request from
> our State sponsor to be able to allow our employees access to their portal.
> The sponsor wants to do LDAP queries from their servers in another city
> against my DC's to authenticate our users against our AD to allow access to
> their portal. I have no experience doing anything like this.
> I'm concerned about security. My DC's are on an internal network, not on the
> DMZ. The sponsor is asking us to config our firewall to allow LDAP access
> from their servers through the firewall to one of my DC's.
> What should I be concerned about here as far as security? What are the best
> practices? Any help is very much appreciated!!
> Thanks, - Pete
> --
> -----
> P Hoffman, MCSA, MCP, MSCE



In response to: LDAP and A/D security over internet, posted by Peter Hoffman on Tue, 6 Feb 2007