From: [email protected] [mailto:[email protected]] On 
Behalf Of noonie
Sent: Monday, 6 February 2012 6:01 PM
To: ozDotNet
Subject: Re: [ot] Port Forwarding LDAP

On 6 February 2012 20:26, Ken Schaefer <[email protected]> wrote:

Is there a second NIC in the server hosting the web application? If so, can you 
use a direct connection (aka cross-over cable - though most NICs support MDI-X 
now, so you can just use a regular cable)? Set up a HOSTS file entry on the web 
application server so that it knows how to get to the DC.

No second NIC and more than one dev will need access at a time. If I can get it 
to work then I can replicate it for the testers too.

The web application would be accessible via NIC1 - which all your users have 
access to. It just accesses the LDAP store via NIC2. Your users don't need 
direct access to the DC, do they?
Alternatively, get rid of the DC. Install ADAM/AD LDS (or some other LDAP 
server). Import a selection of your directory structure/objects into that. Then 
you won't have issues with replication, or exposing your Production AD on a 
test network.
I tried ADAM but it doesn't seem to understand security groups, which are 
needed, and also had a look at Microsoft's AD-like ADAM schema but it too has 
limitations.

Aren't you just doing LDAP lookups? ADAM supports groups.
What are the schema limitations? You can extend the ADAM/AD LDS schema IIRC.
Lastly, you could just set up your own DC and import some data.

Cheers
Ken



Cheers
Ken

From: [email protected] [mailto:[email protected]] On 
Behalf Of noonie
Sent: Monday, 6 February 2012 5:11 PM
To: ozDotNet
Subject: Re: [ot] Port Forwarding LDAP

Meski,

Similar, but not the same, so I can get away with it ;-)

A few years ago we had a senior DBA who set up a two-PC virtual network with 
domain controllers and SQL Server VMs, to try out some new stuff in SQL Server. 
I warned him not to let the network escape and he agreed.

About a week later our network security folks were asking pointed questions 
about why this unknown machine was handing out IP addresses in another state.

He was using bridged virtual adapters...

--
noonie

On 6 February 2012 17:12, mike smith <[email protected]> wrote:
On Mon, Feb 6, 2012 at 5:07 PM, noonie <[email protected]> wrote:
> David,
>
> Bridging is prohibited. If I could get the hardware I'd stick it behind a
> real router :-(
>
Isn't port forwarding a similar thing?  If you explained it to
whoever's prohibiting bridging, they'd probably prohibit fwding too.



--
Meski

 http://courteous.ly/aAOZcv

"Going to Starbucks for coffee is like going to prison for sex. Sure,
you'll get it, but it's going to be rough" - Adam Hills

