LDAP server for user authentication in DMZ

  • LDAP server for user authentication in DMZ


    For a website to authenticate users through LDAP, do I simply allow LDAP access from the DMZ through the firewall to the internal LAN, or do I place an LDAP server in the DMZ?

    If I do the latter, is there a way to secure the data on the LDAP server?

  • #2
    Have you considered deploying AD/AM (AD Application Mode) in the DMZ and syncing it from an internal DC? This way you won't be exposing the internal DCs.
    Guy Teverovsky
    "Smith & Wesson - the original point and click interface"


    • #3
      From what I have read so far about ADAM, you can't synchronise an ADAM directory with your AD, or am I wrong?


      • #4
        OK, you can synchronise ADAM from the AD, but is that a good thing when you implement ADAM in the DMZ?
        Because if you synchronise user accounts into the ADAM, and the server gets hacked, you expose all the user accounts and passwords?

        So you still have to open a synchronisation port from the DMZ to the internal LAN to synchronise ADAM with AD.