How to safely use corporate Active Directory (LDAP) authentication for an internet facing web site?

http://serverfault.com – Let's say you have a public web service (Jira in my case) that is used by both intranet users and external users. The server is already configured to use HTTPS (secure). Because the server is accessible from outside, it is located in a DMZ/COLO zone, outside your intranet. Still, you do want to be able to allow all people from the company to access the website, without having to create accounts for them. We all know that LDAP authentication is the solution, but the problem is that you still need to be able to access the AD server, which is on the intranet. As usual, IT Security audit rem (HowTos)