fieldj

AD Lightweight Directory Services - can I use it for Secure LDAP in this scenario?

Hello,

We are in the process of moving to a new 3rd party externally hosted spam filter.  The new spam filter will allow our users to manage their own spam via a portal which they will log on to via a secure LDAP connection.

We have 3 x Domain Controllers.

In order to make the secure LDAP connection we would need to give one of our DCs a public IP address and then allow the spam filter's IP addresses through the firewall and open port 636 (secure LDAP).  I don't feel particularly comfortable with making one of our DCs public facing (even if it is locked down to specific IPs) and would like to look at alternatives.

My initial thought was to perhaps create a Read Only DC and use this instead.  However, while researching this I came across the possibility of using AD Lightweight Directory Services.

I am not too familiar with AD LDS so I am not 100% sure if I can use it in this scenario.  If I install AD LDS on a server, will I be able to use this server for secure LDAP to the third party and will it keep replicating/updating from my production AD environment?

Thanks
* LDAP
* Active Directory

Last Comment
fieldj

8/22/2022 - Mon
Andy M

Not sure that ADLDS will be best for this scenario as I believe you can still write data to it. You're better off with a Read Only Domain Controller in a DMZ.
fieldj

ASKER
Thanks for the reply, I would appreciate if there are any other views on this?
Shaun Vermaak

We are in the process of moving to a new 3rd party externally hosted spam filter.  The new spam filter will allow our users to manage their own spam via a portal which they will log on to via a secure LDAP connection.
Which spam filter? Most have an option for ADFS, use that instead.
fieldj

ASKER
EveryCloud - I don't believe ADFS is an option
Shaun Vermaak

Please share the configuration document that mentions the steps in the question, I do not see it within the documents on EveryCloud's website.
fieldj

ASKER
I will close this ticket as we are no longer looking at this option.
ASKER CERTIFIED SOLUTION
fieldj
