LDAP for Joomla web site on TMG 2010

We have a Joomla-based external web site (hosted by a hosting company) and I'd like to let the domain users use their credentials on the web site as well. Is it a good idea publishing LDAP to outside? What's the best way to achieve that?

TMG 2010, Windows 2008 AD Environment
xylog Commented:
For use over the internet a Federated login model is best. ADFS can be used for this.

ADFS is part of Windows 2008.
camm80 Commented:
I personally would not replicate a production corporate LDAP / AD to the internet or make it accessible to the internet. You can do this securely though if you really want that integration:

Get a dedicated IP for your hosting site so you are not shared and allow inbound port 636 (Secure LDAP) to a domain controller. This adds some risk exposing your AD to the internet but you can firewall it and only allow to a static site.

Guide here on LDAPS setup.

I would look into doing a replicated AD as well to assure not all your information is replicated or accessible, just basic LDAP credentials. You may even be able to nightly batch to another LDAP solution, but getting passwords will be the problem.
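The advice above hinges on one detail: an LDAP simple bind carries the password as a plain octet string, so the only thing protecting staff credentials on the way from the hosting company to the domain controller is the TLS layer on port 636. The following is an added illustration for this thread, not code from any answer or from Joomla; it encodes a bind request with the standard library only so you can see the credential in the bytes, and opens an LDAPS session that verifies the DC certificate and hostname and never falls back to plain 389. The host name, DN, password and CA file are made-up placeholders.

```python
"""Minimal LDAP simple bind over LDAPS (TCP 636), standard library only.
Added illustration for this thread; server names and DNs are placeholders."""
import socket
import ssl
from typing import Optional

# --- BER helpers (LDAP wire format, RFC 4511) -------------------------------

def ber_len(n: int) -> bytes:
    """Encode a BER length: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def ber(tag: int, payload: bytes) -> bytes:
    """Tag-length-value."""
    return bytes([tag]) + ber_len(len(payload)) + payload

def ber_int(value: int) -> bytes:
    """INTEGER (tag 0x02), two's-complement big-endian."""
    size = max(1, (value.bit_length() + 8) // 8)
    return ber(0x02, value.to_bytes(size, "big", signed=True))

def read_tlv(buf: bytes, pos: int = 0):
    """Decode one TLV; returns (tag, value, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

# --- LDAP messages ----------------------------------------------------------

def simple_bind_request(message_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple password } }.
    The password is a plain OCTET STRING ([0] context tag 0x80): nothing at the
    LDAP layer hides it, so a bind must only ever travel inside TLS (LDAPS/636)."""
    bind = ber(0x60, ber_int(3) + ber(0x04, dn.encode()) + ber(0x80, password.encode()))
    return ber(0x30, ber_int(message_id) + bind)

def parse_bind_result(msg: bytes) -> int:
    """Return resultCode from a BindResponse (0 = success, 49 = invalidCredentials)."""
    tag, body, _ = read_tlv(msg)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = read_tlv(body)            # skip messageID
    tag, op, _ = read_tlv(body, pos)
    if tag != 0x61:                       # [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse")
    tag, code, _ = read_tlv(op)
    if tag != 0x0A:                       # ENUMERATED resultCode
        raise ValueError("missing resultCode")
    return int.from_bytes(code, "big")

def password_visible_on_wire(dn: str, password: str) -> bool:
    """True: the credential is literally present in the unencrypted request bytes."""
    return password.encode() in simple_bind_request(1, dn, password)

# --- LDAPS transport --------------------------------------------------------

def ldaps_bind(host: str, dn: str, password: str, cafile: Optional[str] = None,
               port: int = 636, timeout: float = 5.0) -> int:
    """Bind over TLS with chain and hostname verification (the defaults of
    create_default_context); there is no plaintext fallback. Returns resultCode."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(simple_bind_request(1, dn, password))
            return parse_bind_result(tls.recv(4096))

if __name__ == "__main__":
    # Placeholder DN and password; no network access in this demo.
    req = simple_bind_request(1, "CN=jdoe,OU=Staff,DC=example,DC=local", "hunter2")
    print(req.hex())
    print("password visible in request bytes:", password_visible_on_wire("cn=x", "hunter2"))
    # Real use, with the internal CA that issued the DC certificate:
    # ldaps_bind("dc1.example.local", "CN=jdoe,OU=Staff,DC=example,DC=local", "hunter2", cafile="internal-ca.pem")
```

Pass `cafile` pointing at your internal CA bundle if the DC certificate is not from a public CA; leaving hostname and chain checks at their defaults is what stops a man-in-the-middle on the hosting company's side from harvesting the bind. The firewall rule on the DC should still limit source addresses to the hosting site's static IP, as suggested above.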
You might consider using Forefront UAG 2010 as a presentation and access platform for web applications integrated with the directory service.

UAG 2010 works on top of TMG, so you have the protection layer covered.
Also, using UAG you will be able to easily publish web applications as well as allow VPN access through one consistent platform.

Check this:

Then you can publish Joomla through UAG which will mask all URLs and will control access to portal applications.
What you can also do using UAG platform is control computers which are accessing portal if they comply with certain policies and requirements (recent updates, antivirus, etc..).
And in future if you want you can use that to deploy DirectAccess for clients with Windows 7 as UAG gives you NAT64 ability as well.

So, I would strongly recommend checking this as a platform for web application publishing as well as single sign-on for multiple applications in the internal network.
teomcam Author Commented:
Thanks for the details but please remember our web site is hosted by a third-party company, not on our servers! Please correct me if I misunderstood. Our web site will not be private only. It will be open to the public as well, and there might be parents and students as members, but only staff will use their domain user name and password. Is that achievable?
qf3l3k Commented:
Right, I started thinking about a solution and missed the point that the website is hosted outside.
UAG will be useful when you are hosting your website yourself and want to present it outside.

In case you want to expose your AD outside and integrate a 3rd party application, the recommended way will be ADFS, as mentioned by xylog.