
AD Lightweight Directory Services - can I use it for Secure LDAP in this scenario?

fieldj asked
Last Modified: 2019-01-28
Hello,

We are in the process of moving to a new 3rd party externally hosted spam filter.  The new spam filter will allow our users to manage their own spam via a portal which they will log on to via a secure LDAP connection.

We have 3 x Domain Controllers.

In order to make the secure LDAP connection we would need to give one of our DCs a public IP address and then allow the spam filter's IP addresses through the firewall and open port 636 (secure LDAP). I don't feel particularly comfortable with making one of our DCs public facing (even if it is locked down to specific IPs) and would like to look at alternatives.

My initial thought was to perhaps create a Read Only DC and use this instead.  However, while researching this I came across the possibility of using AD Lightweight Directory Services.

I am not too familiar with AD LDS so I am not 100% sure if I can use it in this scenario. If I install AD LDS on a server, will I be able to use this server for secure LDAP to the third party and will it keep replicating/updating from my production AD environment?

Thanks

Andy MIT Systems Manager
CERTIFIED EXPERT

Commented:
Not sure that ADLDS will be best for this scenario as I believe you can still write data to it. You're better off with a Read Only Domain Controller in a DMZ.

Author

Commented:
Thanks for the reply, I would appreciate if there are any other views on this?
Shaun Vermaak, Senior Consultant
CERTIFIED EXPERT
Awarded 2017
Distinguished Expert 2019

Commented:
"We are in the process of moving to a new 3rd party externally hosted spam filter. The new spam filter will allow our users to manage their own spam via a portal which they will log on to via a secure LDAP connection."

Which spam filter? Most have an option for ADFS; use that instead.

Author

Commented:
EveryCloud - I don't believe ADFS is an option.
Shaun Vermaak, Senior Consultant

Commented:
Please share the configuration document that mentions the steps in the question; I do not see it within the documents on EveryCloud's website.

Author

Commented:
I will close this ticket as we are no longer looking at this option.