Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

LDAP and ADFS

Posted on 2016-10-29
1
Medium Priority
?
304 Views
Last Modified: 2016-11-13
Hi All,

I have a requirement to connect a SaaS Internet Application to our AD. The Application only supports LDAP and does not support SAML. I don't want to expose our AD to the Internet for obvious reasons.

We have already setup ADFS including Web Proxies for a previous project and am hoping to use that.

if I go to our ADFS DNS Host Name (ldap://adfslogin.domain.com:389) it pops up a search box.

However I can not search for anything in our AD, and our SaaS Application Fails to connect to the address.

Can I use my ADFS Web Proxies to proxy LDAP? or should I look at Microsoft LDS, or even Open LDAP as an other Option

With this not working, and a fair bit of google searching I'm lost as to where to look for some form of config guide. Could anybody tell me the configurations steps needed, or point me in the right direction for either getting LDAP working with ADFS or LDS?

Once I have it working with LDAP I will look at moving it to LDAPS.

Cheers
TME
0
Comment
Question by:TrustGroup-UAE
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 23

Accepted Solution

by:
yo_bee earned 2000 total points
ID: 41865125
I have my AD exposed, but I have it isolated strictly for the IP of the SaaS provider and no one else.
This is one option if you have access to configure your firewall to harden this connection.

You mentioned other options like AD LDS.  I have not tried this, but you can easily setup a test for this.
 AD LDS https://technet.microsoft.com/en-us/library/cc755080(v=ws.10).aspx

When you read through the link your scenario is there.
Management of external client computers' access to network resources

Enterprises that need to authenticate extranet client computers, such as Web client computers or transient client computers, can use AD LDS as the directory store for authentication. This helps enterprises avoid having to maintain external client information in the enterprise's domain directory.

0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question