Solved

LDAP and ADFS

Posted on 2016-10-29
1
20 Views
Last Modified: 2016-11-13
Hi All,

I have a requirement to connect a SaaS Internet Application to our AD. The Application only supports LDAP and does not support SAML. I don't want to expose our AD to the Internet for obvious reasons.

We have already setup ADFS including Web Proxies for a previous project and am hoping to use that.

if I go to our ADFS DNS Host Name (ldap://adfslogin.domain.com:389) it pops up a search box.

However I can not search for anything in our AD, and our SaaS Application Fails to connect to the address.

Can I use my ADFS Web Proxies to proxy LDAP? or should I look at Microsoft LDS, or even Open LDAP as an other Option

With this not working, and a fair bit of google searching I'm lost as to where to look for some form of config guide. Could anybody tell me the configurations steps needed, or point me in the right direction for either getting LDAP working with ADFS or LDS?

Once I have it working with LDAP I will look at moving it to LDAPS.

Cheers
TME
0
Comment
Question by:TrustGroup-UAE
1 Comment
 
LVL 21

Accepted Solution

by:
yo_bee earned 500 total points
ID: 41865125
I have my AD exposed, but I have it isolated strictly for the IP of the SaaS provider and no one else.
This is one option if you have access to configure your firewall to harden this connection.

You mentioned other options like AD LDS.  I have not tried this, but you can easily setup a test for this.
 AD LDS https://technet.microsoft.com/en-us/library/cc755080(v=ws.10).aspx

When you read through the link your scenario is there.
Management of external client computers' access to network resources

Enterprises that need to authenticate extranet client computers, such as Web client computers or transient client computers, can use AD LDS as the directory store for authentication. This helps enterprises avoid having to maintain external client information in the enterprise's domain directory.

0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Installing a printer using group policy preferences is not that hard let’s take a look at it. First lets open up your group policy console and edit the policy you want to add it to. I recommend creating a new policy for each printer makes it a l…
Wow it feels like forever since I have been able to sit down and write an article, I have been away and new exciting projects keeping me busy, but here I am writing another hopefully informative article. I have written about Orchestrator 2012 int…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now