LDAP proxy?

    Question

  • We have several applications which are hosted/SaaS type deals.  These applications authenticate against our Active Directory.  Right now we punch holes through the firewall from the application servers to our AD domain controllers.  Not the best or most secure solution to be sure.  I'm wondering how we can do this better?  I'm picturing some type of LDAP proxy server that would sit in our DMZ and relay authentication requests from the external application server to the domain controllers.  I did a bit of Googling, but didn't find much in terms of an LDAP proxy.  Does such a thing exist?  Can LDS be an LDAP proxy?

    We only have 1 domain, so we don't need to worry about federation or anything like that.  But a bonus would be the ability to create accounts for users on the LDAP proxy server.  (In other words, sometimes we have to give access to a certain application for users who are not part of our organization... partners and such... right now we create AD accounts for them, but that's kinda kludgy.)

    Thanks!

    Tuesday, June 12, 2012 6:33 PM
