Thanks to all

I used the ADAM way with partial success.

I confirm that:

ADAM can be used as an LDAP/proxy client, with the added value that you can limit the objects.
From a security point of view, you can thus interrogate Active Directory to authorize
only users in AD to use resources etc. without asking the Domain Controller directly.

In a VPN environment managed by different combinations of HW/SW (not exclusively Microsoft) you can open the canonical LDAP ports only on the LDAP proxy, with a different user, rights etc. from the user, rights etc. that replicate and/or interrogate from the LDAP proxy to the Domain Controller.
You can leave the LDAP ports on the Domain Controller closed, because the calls between the LDAP proxy and the Domain Controller are internal, not exposed to the outside (VPN), and not affected by attacks or disturbances.


For comparison, I wrote an LDAP proxy with Microsoft .NET, and it's very easy (two / three hours of work) if you have the basic knowledge.

In my case the success (in all the solutions, ADAM / custom client) was partial, because of a problem with the software that I was using, which verifies (sic) with LDAP calls whether the answering LDAP server is a Domain Controller. If not, it responds with bad calls.
Stupid software.


Thanks to all colleagues for all the very professional answers,
in particular to those who told me about the ADAM solution.

Good work
Stefano Tufillaro


List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
