
LDAP for Joomla web site on TMG 2010

We have a Joomla-based external web site (hosted by a hosting company) and I'd like to let the domain users use their credentials on the web site as well. Is it a good idea to publish LDAP to the outside? What's the best way to achieve that?

TMG 2010, Windows 2008 AD environment
Asked by: teomcam

3 Solutions

camm80 commented:
I personally would not replicate a production corporate LDAP / AD to the internet or make it accessible to the internet. You can do this securely though if you really want that integration:

Get a dedicated IP for your hosting site so you are not shared and allow inbound port 636 (Secure LDAP) to a domain controller. This adds some risk exposing your AD to the internet but you can firewall it and only allow to a static site.

Guide here on LDAPS setup.
http://magictrevor.wordpress.com/2010/07/12/integrate-joomla-with-active-directory-via-secure-ldap/ 

I would look into doing a replicated AD as well to assure not all your information is replicated or accessible, just basic LDAP credentials. You may even be able to nightly batch to another LDAP solution, but getting passwords will be the problem.
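As an added defender-side example (not from this thread or any of its posters), here is a small Python audit over constructed Directory Service event 2889 text, the event a DC logs for binds that were not signed or encrypted: it flags binds that reach the published DC from any address other than the hosting company's dedicated IP, and binds that were not protected by LDAPS. The allowlist, account names and addresses are assumptions.

```python
import re
from ipaddress import ip_address, ip_network
# Constructed samples shaped like Directory Service event 2889 (logged with LDAP Interface
# Events diagnostics at level 2). Binding Type 0 = unsigned SASL bind, 1 = clear-text simple bind.
SAMPLE_EVENTS = [
    "Client IP address: 203.0.113.10:51522\n"
    "Identity the client attempted to authenticate as: CONTOSO\\svc_joomla\n"
    "Binding Type: 1",
    "Client IP address: 198.51.100.77:40021\n"
    "Identity the client attempted to authenticate as: CONTOSO\\svc_joomla\n"
    "Binding Type: 1",
    "Client IP address: 10.0.0.25:60001\n"
    "Identity the client attempted to authenticate as: CONTOSO\\jdoe\n"
    "Binding Type: 0",
]

# Assumed allowlist: the hosting company's dedicated IP (constructed) plus the internal LAN.
ALLOWED_SOURCES = [ip_network("203.0.113.10/32"), ip_network("10.0.0.0/8")]
EVENT_RE = re.compile(
    r"Client IP address:\s*(?P<ip>[^:\s]+):(?P<port>\d+).*?"
    r"authenticate as:\s*(?P<identity>.+?)\s*Binding Type:\s*(?P<btype>\d)", re.S)

def parse_event(text):
    """Extract source IP, identity and binding type from one 2889 message (IPv4 only)."""
    m = EVENT_RE.search(text)
    if not m:
        return None
    return {"ip": m["ip"], "identity": m["identity"].strip(), "binding_type": int(m["btype"])}

def classify(event, allowed=ALLOWED_SOURCES):
    """Return the findings for one parsed event; an empty list means nothing to flag."""
    findings = []
    if not any(ip_address(event["ip"]) in net for net in allowed):
        findings.append("bind from source outside the allowlist")
    if event["binding_type"] == 1:
        findings.append("simple bind sent in clear text (not LDAPS)")
    elif event["binding_type"] == 0:
        findings.append("SASL bind without signing")
    return findings

def audit(events):
    """Map each flagged event's source IP to its findings."""
    report = {}
    for ev in filter(None, map(parse_event, events)):
        findings = classify(ev)
        if findings:
            report[ev["ip"]] = findings
    return report
```

A clear-text simple bind from the allowed web host means the Joomla plugin is talking to port 389 rather than 636, which is exactly the misconfiguration the firewall rule above is meant to prevent.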
xylog commented:
For use over the internet a federated login model is best. ADFS can be used for this.

http://docs.joomla.org/ADFS_2.0_Relying_Party_Trust_Configuration

ADFS is part of Windows 2008.

qf3l3k commented:
You might consider using Forefront UAG 2010 as a presentation and access platform for web applications integrated with directory services.

UAG 2010 works on top of TMG, so you have the protection layer covered.
Also, using UAG you will be able to easily publish web applications as well as allow VPN access through one consistent platform.

Check this:
http://www.microsoft.com/forefront/unified-access-gateway/en/us/

Then you can publish Joomla through UAG which will mask all URLs and will control access to portal applications.
What you can also do using the UAG platform is check whether the computers accessing the portal comply with certain policies and requirements (recent updates, antivirus, etc.).
And in future if you want you can use that to deploy DirectAccess for clients with Windows 7 as UAG gives you NAT64 ability as well.

So, I would strongly recommend checking this as a platform for web application publishing as well as single sign-on for multiple applications in the internal network.

teomcam (Author) commented:
Hi,
Thanks for the details, but please remember our web site is hosted by a third-party company, not on our servers! Please correct me if I misunderstood. Our web site will not be private only. It will be open to the public as well, and there might be parents and students as members, but only staff will use their domain user name and password. Is that achievable?

qf3l3k commented:
Right, I started thinking about a solution and missed the point that the website is hosted outside.
UAG will be useful when you are hosting your website yourself and want to present it outside.

In case you want to expose your AD outside and integrate a 3rd-party application, the recommended way will be ADFS, as mentioned by xylog.