Is it possible for IIS7.5 on DMZ network to have Active Directory/LDAP integration

Posted on 2011-10-04
Medium Priority
Last Modified: 2013-12-24
Hi, I have just set up a new IIS server on my Windows 2008 R2 server.  My IIS7.5 server is on a publicly routable IP network.  Is it possible to somehow link it to our Active Directory (through LDAP maybe?) so that our internal users can be given access to FTP sites using their AD usernames and passwords?  I have created a couple of local users on the server and they can connect to the FTP sites no problem, but when I try to connect with an AD user I get the errors "530 user cannot login" and "530 user cannot login, home directory inaccessible."
Question by:carbonbase

Expert Comment

ID: 36908614

The whole point of a DMZ is to keep it separated. You can open this up, but I would not recommend it.

If you really must, I would probably go for a one-way trust between the domain and the DMZ, but as I said before... really, you're defeating the purpose of having it by opening it up.

Author Comment

ID: 36908988
Hi, I am hoping there is a way to integrate using Lightweight Directory Services (LDAP integration). I've had some success doing this with Cerberus FTP server, but I'm looking for a way to do it with IIS, as there are no extra costs involved.

Accepted Solution

brwwiggins earned 750 total points
ID: 36920930

Assisted Solution

daveTechSearch earned 750 total points
ID: 36931748
I'd seriously not compromise your internal AD by opening it up to a DMZ system.

If anything, create local accounts on the IIS box.  We've got many users in this scenario, without complaint.
The one thing that we do in addition to this is record the IDs and PWs we've created for the users and store them in the event a user forgets a piece of the info... locked down, of course.   No password policies are assigned to the DMZ stand-alone FTP server.

Just remember: security almost always comes at some kind of cost.  Looking for ways around it really defeats the purpose (of a DMZ)... may as well have it on the inside, on the domain, and open it up to the world if you are going to open it up.
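The "local accounts on the IIS box" approach from the answer above, as an added example that is not part of the original thread or the answerer's own procedure. It provisions one local FTP user on a stand-alone IIS 7.5 host with FTP user isolation turned on, so each account is confined to its own folder. The site name "FTP Site", the root D:\ftproot, the user name and the placeholder password are assumptions; the commands come from the in-box WebAdministration module (IIS Management Scripts and Tools feature) plus net user, wmic and icacls. One detail relevant to the question's error: with user isolation set to IsolateAllDirectories, IIS maps a local user to <root>\LocalUser\<username>, and a missing or unreadable folder there is what produces "530 User cannot log in, home directory inaccessible."

```powershell
# Added example, not from the original thread: provision one isolated local FTP
# user on an IIS 7.5 DMZ host.  Run elevated on the FTP server itself.
# Assumed values (not stated on the page):
$SiteName = 'FTP Site'                      # assumed FTP site name
$FtpRoot  = 'D:\ftproot'                    # assumed physical root of the site
$UserName = 'alice'                         # assumed account name
$Password = 'Long-and-Random-Pa55phrase!'   # placeholder; generate a unique one per user

Import-Module WebAdministration

# 1. User isolation: every local user lands in <root>\LocalUser\<name> and cannot
#    browse above it.  Without this folder the login fails with
#    "530 User cannot log in, home directory inaccessible."
Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
    -Filter "system.applicationHost/sites/site[@name='$SiteName']/ftpServer/userIsolation" `
    -Name 'mode' -Value 'IsolateAllDirectories'

# 2. Create the local (non-domain) account.  /passwordchg:no stops FTP users from
#    changing the password; the wmic call sets "password never expires", matching
#    the "no password policy on the stand-alone box" choice in the answer above.
net user $UserName $Password /add /passwordchg:no /comment:"DMZ FTP user" | Out-Null
wmic useraccount where "name='$UserName'" set PasswordExpires=false | Out-Null

# 3. Create the isolation home folder IIS will map this user to.
$HomeDir = Join-Path $FtpRoot "LocalUser\$UserName"
New-Item -ItemType Directory -Path $HomeDir -Force | Out-Null

# 4. NTFS: Modify on the user's own folder only, inherited to files (OI) and
#    subfolders (CI).  Nothing is granted on $FtpRoot itself.
icacls $HomeDir /grant "${UserName}:(OI)(CI)M" | Out-Null

# 5. FTP authorization rule so the site lets this user read and write.
Add-WebConfiguration -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $SiteName `
    -Filter '/system.ftpServer/security/authorization' `
    -Value @{ accessType = 'Allow'; users = $UserName; permissions = 'Read,Write' }

# 6. Quick check of what was configured.
Get-WebConfiguration -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $SiteName `
    -Filter '/system.ftpServer/security/authorization' |
    Select-Object accessType, users, permissions
```

The account exists only in the DMZ host's local SAM, so nothing on the internal domain is exposed if the box is compromised; the cost, as the answer says, is that you maintain those credentials by hand. If you keep a record of them, keep it on an internal system rather than on the DMZ host.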

Author Closing Comment

ID: 37144536
Hi, thanks for the advice and answers.  I decided to abandon using IIS to configure our FTP sites and used Cerberus FTP server instead, which has built-in LDAP integration.
