<div>
I run the directory sync on the domain controller as well and I have forwarded port 389 to the dc. <br />
Is that a risk?<br />

</div>


I run the directory sync on the domain controller as well and I have forwarded port 389 to the dc.
Is that a risk?


<div>
how do you mean you have forwarded port 389 on the dc.<br />
<br />
all you need to do is set it as attached image, changing your base DN and authorised user<br />
<br />
I can't see any security risk as it is done locally (so no network sniffing), and port 389 is open anyhow<br />
<a href="https://filedb.experts-exchange.com/incoming/2010/08_w34/339185/Untitled.png" target="_blank" class="file-inline" title="Directory Sync Screenshot (31 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>Untitled.png</a>
</div>


how do you mean you have forwarded port 389 on the dc.

all you need to do is set it as attached image, changing your base DN and authorised user

I can't see any security risk as it is done locally (so no network sniffing), and port 389 is open anyhow
Untitled.png [https://filedb.experts-exchange.com/incoming/2010/08_w34/339185/Untitled.png]

Untitled.png

<div>
I did the forward in the firewall
</div>


<div>
Don't do that, there is no need. That is a security risk<br />
<br />
The directory sync reads the LDAP details locally and then uploads the information to Google/Postini through HTTP/S
</div>


Don't do that, there is no need. That is a security risk

The directory sync reads the LDAP details locally and then uploads the information to Google/Postini through HTTP/S

<div>
<div class="content wysiwyg-content">
I'm configuring Google Apps Directory Sync and forward port 389 to my Active Directory server.<br />
<br />
It works. But is this a security risk?<br />
<br />
If yes, what are the steps/requirements for using LDAP+SSL for the connection?<br />
<br />

</div>
</div>


I'm configuring Google Apps Directory Sync and forward port 389 to my Active Directory server.

It works. But is this a security risk?

If yes, what are the steps/requirements for using LDAP+SSL for the connection?



Google Apps Directory Sync LDAP port 389

Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.