Thanks Ken,

It's not really a user issue, it's that more than one developer needs to access the LDAP store whilst debugging their code.

I've been given the VM setup because it is a copy of the target production environment and anything else is just an approximation. I'll look again at customising the ADAM schema if I can't get port-forwarding to work in a reasonable amount of wasted time. I don't "own" the environment here. We don't have separate dev & test domains and there's a limit to what I'm allowed to do.

--
Regards,
noonie

On 6 February 2012 22:05, Ken Schaefer <[email protected]> wrote:

> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* noonie
> *Sent:* Monday, 6 February 2012 6:01 PM
> *To:* ozDotNet
> *Subject:* Re: [ot] Port Forwarding LDAP
>
> On 6 February 2012 20:26, Ken Schaefer <[email protected]> wrote:
>
> Is there a second NIC in the server hosting the web application? If so, can you use a direct connection (aka cross-over cable – though most NICs support MDI-X now, so you can just use a regular cable)? Set up a HOSTS file entry on the web application server so that it knows how to get to the DC.
>
> No second NIC and more than one dev will need access at a time. If I can get it to work then I can replicate it for the testers too.
>
> The web application would be accessible via NIC1 – which all your users have access to. It just accesses the LDAP store via NIC2. Your users don’t need direct access to the DC, do they?
>
> Alternatively, get rid of the DC. Install ADAM/AD LDS (or some other LDAP server). Import a selection of your directory structure/objects into that. Then you won’t have issues with replication, or exposing your Production AD on a test network.
>
> I tried ADAM but it doesn't seem to understand security groups, which are needed, and also had a look at Microsoft's AD-like ADAM schema but it too has limitations.
>
> Aren’t you just doing LDAP lookups? ADAM supports groups.
>
> What are the schema limitations? You can extend the ADAM/AD LDS schema IIRC
>
> Lastly, you could just set up your own DC and import some data.
>
> Cheers
> Ken
>
> Cheers
> Ken
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* noonie
> *Sent:* Monday, 6 February 2012 5:11 PM
> *To:* ozDotNet
> *Subject:* Re: [ot] Port Forwarding LDAP
>
> Meski,
>
> Similar, but not the same, so I can get away with it ;-)
>
> A few years ago we had a senior DBA who set up a two pc virtual network with domain controllers and sql server vms, to try out some new stuff in sql server. I warned him not to let the network escape and he agreed.
>
> About a week later our network security folks were asking pointed questions about why this unknown machine was handing out ip addresses in another state.
>
> He was using bridged virtual adapters...
>
> --
> noonie
>
> On 6 February 2012 17:12, mike smith <[email protected]> wrote:
>
> On Mon, Feb 6, 2012 at 5:07 PM, noonie <[email protected]> wrote:
> > David,
> >
> > Bridging is prohibited. If I could get the hardware I'd stick it behind a real router :-(
>
> Isn't port forwarding a similar thing? If you explained it to whoever's prohibiting bridging, they'd probably prohibit fwding too.
>
> --
> Meski
>
> http://courteous.ly/aAOZcv
>
> "Going to Starbucks for coffee is like going to prison for sex. Sure, you'll get it, but it's going to be rough" - Adam Hills
