disturbedone
Vendor
I have what I think is a relatively simple and common scenario, but I'm having huge difficulties finding a solution.
Here's what I'd like to do:
[ul]
[li]W2K8R2 domain with 2x DCs on LAN[/li]
[li]Cisco ASA5520 firewall with DMZ[/li]
[li]Externally hosted website, users logon to it and need to be authenticated with our AD[/li]
[/ul]
I've had various people suggest Forefront UAG, AD LDS, ADFS, RODC in DMZ.
One option, which appears to be the simplest, is to simply allow LDAPS from the website through the ASA (using NAT and IP address restrictions) to a DC and to use a user account that has just enough permissions to do an LDAP lookup.
What we want to achieve doesn't sound like something new, and I'd imagine many people have done it many times. But the UAG/LDS/ADFS/RODC options all appear to be awfully complicated. Is the simple LDAPS option all that is required and, most importantly, is it secure enough?
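The "simple LDAPS" option described above, written out as an added example (not code from the original post or from anyone in the thread): the website binds to the DC over port 636 with a least-privilege lookup account, resolves the user's DN, then verifies the user's password with a second bind as that DN. The server name, search base and account names are placeholders. The part that decides whether this is "secure enough" is in New-LdapsConnection: the DC's certificate is checked against a trusted chain and the expected host name, so a TLS interception on the path between the hosted site and the firewall is rejected rather than accepted.

```powershell
# Added example, not from the original post. Requires .NET's
# System.DirectoryServices.Protocols (present on Windows). All names are placeholders.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function New-LdapsConnection {
    param([string]$Server, [System.Net.NetworkCredential]$Credential)
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, 636)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection(
        $id, $Credential, [System.DirectoryServices.Protocols.AuthType]::Basic)
    $conn.SessionOptions.SecureSocketLayer = $true   # LDAPS on 636, not StartTLS on 389
    $conn.SessionOptions.ProtocolVersion   = 3
    # Reject the DC certificate unless it chains to a trusted CA and is issued
    # for the name we connected to. Without this, any endpoint that terminates
    # TLS on the path would be trusted and would see the bind credentials.
    $conn.SessionOptions.VerifyServerCertificate = {
        param($connection, $certificate)
        $cert2 = [System.Security.Cryptography.X509Certificates.X509Certificate2]$certificate
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'Online'
        $chainOk = $chain.Build($cert2)
        # GetNameInfo returns the first DNS name only; extend to all SANs if the DC cert lists several
        $nameOk  = ($cert2.GetNameInfo('DnsName', $false) -eq $Server)
        return ($chainOk -and $nameOk)
    }.GetNewClosure()
    $conn.Bind()   # throws LdapException if TLS, certificate check or credentials fail
    return $conn
}

function ConvertTo-LdapFilterValue {
    param([string]$Value)
    # RFC 4515 escaping so a user-supplied login name cannot change the filter structure
    $sb = New-Object System.Text.StringBuilder
    foreach ($ch in $Value.ToCharArray()) {
        switch ($ch) {
            '\'  { [void]$sb.Append('\5c') }
            '*'  { [void]$sb.Append('\2a') }
            '('  { [void]$sb.Append('\28') }
            ')'  { [void]$sb.Append('\29') }
            "`0" { [void]$sb.Append('\00') }
            default { [void]$sb.Append($ch) }
        }
    }
    return $sb.ToString()
}

function Test-AdUserPassword {
    param(
        [string]$Server,
        [string]$SearchBase,
        [System.Net.NetworkCredential]$LookupCredential,
        [string]$SamAccountName,
        [System.Security.SecureString]$Password
    )
    # A simple bind with an empty password is treated as anonymous by AD and
    # succeeds, so an empty password must be rejected before any bind is attempted.
    if ($Password.Length -eq 0) { return $false }

    # Step 1: bind as the read-only lookup account and resolve the user's DN.
    $lookup = New-LdapsConnection -Server $Server -Credential $LookupCredential
    try {
        $filter = "(&(objectClass=user)(sAMAccountName=$(ConvertTo-LdapFilterValue $SamAccountName)))"
        $req  = New-Object System.DirectoryServices.Protocols.SearchRequest(
            $SearchBase, $filter, 'Subtree', @('distinguishedName'))
        $resp = $lookup.SendRequest($req)
        if ($resp.Entries.Count -ne 1) { return $false }   # unknown or ambiguous account
        $userDn = $resp.Entries[0].DistinguishedName
    } finally {
        $lookup.Dispose()
    }

    # Step 2: bind as the user with the supplied password; only a successful bind
    # proves the password. The lookup account is never used to read password data.
    $userCred = New-Object System.Net.NetworkCredential($userDn, $Password)
    try {
        $userConn = New-LdapsConnection -Server $Server -Credential $userCred
        $userConn.Dispose()
        return $true
    } catch [System.DirectoryServices.Protocols.LdapException] {
        return $false   # invalid credentials (result code 49) or other bind failure
    }
}

# Usage with placeholder values:
$lookupCred = (Get-Credential -UserName 'EXAMPLE\svc-ldaplookup' -Message 'Lookup account').GetNetworkCredential()
Test-AdUserPassword -Server 'ldaps.example.com' -SearchBase 'DC=example,DC=com' `
    -LookupCredential $lookupCred -SamAccountName 'jdoe' -Password (Read-Host -AsSecureString 'Password')
```

The ASA side of this design is the complement of the certificate check: the rule should permit TCP/636 only from the hosted website's address to the single DC that is NAT'd, and nothing else inbound to the DC. The lookup account needs only read access to the attributes the search requests (here just distinguishedName), so a compromise of the website yields a directory read-only account rather than anything that can change AD objects.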