ADAM in a DMZ, perhaps? Allowing LDAP queries into your domain sounds risky to me. Proxying into your own AD gives me the chills, quite frankly :P

Another option might be to extract the data periodically through a script and publish it to a secure webpage, like Al suggests. Bit more work, but also much more secure imho.

Regards,
Paul.

________________________________
From: [EMAIL PROTECTED] on behalf of Al Mulnick
Sent: Thu 9/15/2005 3:44 PM
To: [email protected]
Subject: RE: [ActiveDir] Publish ldap externally

It is, but have you considered an alternate method? Maybe a secured web page vs. 389 access to the network?? A web service?

What are the risks that you see in your organization and are trying to mitigate vs. the rewards? How real-time does this need to be?

Allowing access is easy. Doing it in a way that meets your risk tolerance and return on time spent is different and requires a better understanding of your goals and environmental factors.

Al

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Wehner, Paul (wehnerpl)
Sent: Thursday, September 15, 2005 9:35 AM
To: [email protected]
Subject: [ActiveDir] Publish ldap externally

We are an edu and have an outside entity requesting access to our Exchange 2003 address book. I was thinking about creating a proxy user and giving it limited search rights in AD (name, email, phone, dept) and acl'ing 389 to the other org's network. Is this possible?

Thanks,
Paul

List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
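
An added example, not code from anyone in this thread: a sketch of the periodic-extract option discussed above, which reads an LDIF export and keeps only the four fields the original poster wanted to expose (name, email, phone, dept) before anything is published. The sample LDIF, the mapping from AD attribute names to output keys, the function names, and the rule that entries without a `mail` attribute are skipped are all assumptions of this example.

```python
import base64

# Fields the thread proposes exposing (name, email, phone, dept), mapped from
# the usual AD attribute names. The output key names are this example's choice.
ALLOWED = {"displayName": "name", "mail": "email",
           "telephoneNumber": "phone", "department": "dept"}

# Constructed sample export: a folded line, a base64 value, a service account.
SAMPLE_LDIF = """\
dn: CN=Ann Example,OU=Staff,DC=example,DC=edu
displayName: Ann Example
mail: ann.example@example.edu
telephoneNumber: +1 555 0100
department: Physics
memberOf: CN=Domain Admins,CN=Users,DC=example,DC=edu

dn: CN=Jose Sample,OU=Staff,DC=example,DC=edu
displayName:: Sm9zw6kgU2FtcGxl
mail: jose.sample@exam
 ple.edu

dn: CN=svc-backup,OU=Service,DC=example,DC=edu
servicePrincipalName: backup/fs01.example.edu
"""

def parse_ldif(text):
    """Yield one {attribute: [values]} dict per LDIF entry."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold a continuation line
        else:
            lines.append(raw)
    entry = {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if entry:
                yield entry
            entry = {}
            continue
        attr, _, rest = line.partition(":")
        b64 = rest.startswith(":")        # "attr:: <base64>" form
        value = base64.b64decode(rest[1:].strip()).decode("utf-8") if b64 else rest.strip()
        entry.setdefault(attr, []).append(value)

def build_address_book(ldif_text):
    """Allow-listed fields only, for entries that have a mail attribute."""
    return [{out: e[src][0] for src, out in ALLOWED.items() if src in e}
            for e in parse_ldif(ldif_text) if "mail" in e]
```

Because the filter is an allow-list, attributes such as `memberOf` or `servicePrincipalName` never reach the published copy even if the export query is later widened.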
