Re: LDAP\DC with a public IP

2011-09-22 Thread Kurt Buff
On Thu, Sep 22, 2011 at 10:57, wrote: > We are getting a new product to report variances.  It is web-based but using > LDAP to authenticate users.  The way it works is that a person can log a > variance anonymously  but then directors can use their AD credentials to log > in and report their find

Re: LDAP\DC with a public IP

2011-09-22 Thread Richard Stovall
Out of curiosity, can you tell us the name of the product? On Thu, Sep 22, 2011 at 1:57 PM, wrote: > We are getting a new product to report variances. It is web-based but > using LDAP to authenticate users. The way it works is that a person can log > a variance anonymously but then directors

RE: LDAP\DC with a public IP

2011-09-22 Thread Al Lilianstrom
Is the "new product" cloud based or internal? If internal I can't see why you would need your DCs/LDAP servers to be available to the public internet. If cloud based just open up to the IP of the server in the cloud to allow authentication. And insist on LDAP over SSL. al -- A

RE: LDAP\DC with a public IP

2011-09-22 Thread Paul Hutchings
Are you sure that's what they're asking, and that they aren't simply asking to have ldap access from some external IP address range which you'd provide via an inbound firewall rule with an ACL and NAT so that only their specific IP addresses can authenticate? Not sure I'd be too comfortable wit

RE: LDAP\DC with a public IP

2011-09-22 Thread Brian Desmond
This comes up every now and then. Before the various federation technologies became prevalent it was a lot more common, but now not so much. Generally what you do is publish the LDAPS or GC/S port with an ACL that restricts source IPs. If the app can't failover between a couple of names then you

RE: LDAP\DC with a public IP

2011-09-22 Thread pdw1914
Quantros Date: Thu, 22 Sep 2011 14:18:53 -0400 Subject: Re: LDAP\DC with a public IP From: rich...@gmail.com To: ntsysadmin@lyris.sunbelt-software.com Out of curiosity, can you tell us the name of the product? On Thu, Sep 22, 2011 at 1:57 PM, wrote: We are getting a new product to report

RE: LDAP\DC with a public IP

2011-09-22 Thread pdw1914
elt-software.com Date: Thu, 22 Sep 2011 13:22:21 -0500 Subject: RE: LDAP\DC with a public IP Is the “new product” cloud based or internal? If internal I can’t see why you would need your DCs/LDAP servers to be available to the public internet. If cloud based just open up to the IP of th

RE: LDAP\DC with a public IP

2011-09-22 Thread Brian Desmond
l.com [mailto:pdw1...@hotmail.com] Sent: Thursday, September 22, 2011 3:01 PM To: NT System Admin Issues Subject: RE: LDAP\DC with a public IP Cloud. They explain further on that they have a lot of clients, some of whom may use the same private IP so to prevent "overlap" (in their words

Re: LDAP\DC with a public IP

2011-09-22 Thread Ben Scott
On Thu, Sep 22, 2011 at 6:17 PM, Brian Desmond wrote: > I’m rather lost now. How is doing this double NAT going to help you in a > typical cloud scenario? Usually you do this type of thing with a direct link > to a business partner/supplier. You have an IP address on your private side that dupl

RE: LDAP\DC with a public IP

2011-09-22 Thread Brian Desmond
com] Sent: Thursday, September 22, 2011 5:50 PM To: NT System Admin Issues Subject: Re: LDAP\DC with a public IP On Thu, Sep 22, 2011 at 6:17 PM, Brian Desmond wrote: > I'm rather lost now. How is doing this double NAT going to help you in > a typical cloud scenario? Usually you do this

Re: LDAP\DC with a public IP

2011-09-22 Thread Ben Scott
On Thu, Sep 22, 2011 at 6:53 PM, Brian Desmond wrote: >> You have an IP address on your private side that duplicates >> their private net, and you're connected to them via some kind >> of VPN or other secure router, so you do a one-to-one static >> NAT between your private net and some other priva

Re: LDAP\DC with a public IP

2011-09-22 Thread Jon Harris
Alarmist no not to me. I would tell them to find or propose another way. I would look at a way maybe using a Linux machine that syncs (more or less) what they need and then maybe put that where it could be seen from the web. Others may have better ways to skin the cat. Jon On Thu, Sep 22, 2011 at

RE: LDAP\DC with a public IP

2011-09-22 Thread Brian Desmond
5.1438 | c   - 312.731.3132 -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Thursday, September 22, 2011 6:14 PM To: NT System Admin Issues Subject: Re: LDAP\DC with a public IP On Thu, Sep 22, 2011 at 6:53 PM, Brian Desmond wrote: >> You have an IP address on your p

Re: LDAP\DC with a public IP

2011-09-22 Thread Steven Peck
nal Message- > From: Ben Scott [mailto:mailvor...@gmail.com] > Sent: Thursday, September 22, 2011 6:14 PM > To: NT System Admin Issues > Subject: Re: LDAP\DC with a public IP > > On Thu, Sep 22, 2011 at 6:53 PM, Brian Desmond > wrote: > >> You have an IP address on yo

Re: LDAP\DC with a public IP

2011-09-22 Thread Ben Scott
On Thu, Sep 22, 2011 at 9:11 PM, Brian Desmond wrote: >> ... the provider gives you a VPN box to make the link ... > > This certainly didn't used to be called the cloud - this is classic service > hosting. I usually > consider cloud to require Internet connection between you and the provider as

RE: LDAP\DC with a public IP

2011-09-22 Thread Brian Desmond
That's basically private WAN... Thanks, Brian Desmond br...@briandesmond.com w - 312.625.1438 | c   - 312.731.3132 -Original Message- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Thursday, September 22, 2011 9:14 PM To: NT System Admin Issues Subject: Re: LDAP\DC with a p

RE: LDAP\DC with a public IP

2011-09-23 Thread pdw1914
'natting' for two large healthcare vendors (whose clients also use the same private IP scheme we use) but they gave me an address to nat my internal device to. From: br...@briandesmond.com To: ntsysadmin@lyris.sunbelt-software.com Subject: RE: LDAP\DC with a public IP Date: Thu, 22 Sep 201

RE: LDAP\DC with a public IP

2011-09-23 Thread pdw1914
Exactly, Ben. > From: mailvor...@gmail.com > Date: Thu, 22 Sep 2011 18:50:03 -0400 > Subject: Re: LDAP\DC with a public IP > To: ntsysadmin@lyris.sunbelt-software.com > > On Thu, Sep 22, 2011 at 6:17 PM, Brian Desmond wrote: > > I’m rather lost now. How is doing this

Re: LDAP\DC with a public IP

2011-09-23 Thread Ben Scott
On Fri, Sep 23, 2011 at 12:16 AM, Brian Desmond wrote: >> I'm not talking private WAN, I'm talking VPN. Using the public Internet to >> carry >> a secure tunnel for a private payload. > > That's basically private WAN... We're splitting hairs now, but hey, this is the Internet, that's what we

RE: LDAP\DC with a public IP

2011-09-23 Thread John Hornbuckle
We had to do something like this for one of our products that's hosted externally. I created a VM just for this, and made it an RODC. I just somehow felt a little better doing that vs. a regular DC, although maybe that's a false sense of security. And of course, ACLs restricting access solely to

Re: LDAP\DC with a public IP

2011-09-23 Thread Andrew S. Baker
There's no obligation for a WAN to use dedicated circuits...50% of the WANs of organizations that I've been associated with have used VPNs for connectivity. "Cloud" is definitely a very ambiguous term, and heavily co-opted by marketing, but I like the NIST definition, a summary of which can be

RE: LDAP\DC with a public IP

2011-09-23 Thread Guyer, Don
r 23, 2011 12:19 PM To: NT System Admin Issues Subject: Re: LDAP\DC with a public IP There's no obligation for a WAN to use dedicated circuits...50% of the WANs of organizations that I've been associated with have used VPNs for connectivity. "Cloud" is definitely

Re: LDAP\DC with a public IP

2011-09-23 Thread Andrew S. Baker
www.fiserv.com > > *From:* Andrew S. Baker [mailto:asbz...@gmail.com] > *Sent:* Friday, September 23, 2011 12:19 PM > *To:* NT System Admin Issues > *Subject:* Re: LDAP\DC with a public IP

RE: LDAP\DC with a public IP

2011-09-29 Thread pdw1914
ut 60 entries). I've decided that this is a "line in the sand" situation. From: paul.hutchi...@mira.co.uk To: ntsysadmin@lyris.sunbelt-software.com Subject: RE: LDAP\DC with a public IP Date: Thu, 22 Sep 2011 18:50:56 + Are you sure that's what they're askin