AD LDS, AD FS, RODC, LDAP access for 3rd party vendors?
Posted on 2016-08-03
We have had a request to allow LDAP lookups from a couple of external applications to our network. Moving forward with this, what would be the best scenario? I have scoured "Google" and am getting mixed things coming up, and tbh got a bit lost with it all.
So the solution I am thinking of going down:
AD LDS - for LDAP lookup
AD FS - for single sign on services (future proof for office 365)
Can I install both systems on the same server?
Do I put a server in the DMZ and then open the ports required back to the network through firewall A?
Then allow this server access to the outside world through firewall B?
Or is it a NAT passthrough to the server on the internal network?
There doesn't seem to be a clear guide on a good solution, and what I found goes back to Server 2003.
I might be looking in the wrong place but I definitely need some advice from the pros on this one.