1

How to safely use corporate Active Directory (LDAP) authentication for an internet facing web site?

view story
linux-howto

http://serverfault.com – Let's say you have a public web service (Jira in my case) that is used by both intranet users and external users. The server is already configured to use HTTPS (secure). Because the server is accesible from outside it is located into a DMZ/COLO zone, outside your intranet. Still, you do want to be able to allow all people from the company to access the website, without having to create accounts for them. We all know that LDAP authentication is the solution but the problem is that you still need to be able to access the AD server, which is on the intranet. As usual, IT Security audit rem (HowTos)

taskli's picture
Submitted by taskli on 08/30/2012

Stories similar to How to safely use corporate Active Directory (LDAP) authentication for an internet facing web site?

Firstly, I’m not completely familiar with IIS 6.0.

Anyway, my company has a server running Windows Server 2003. A few months ago, I set up a company intranet and everything has been running smoothly since.

To get to the intranet, all the users had to do was go to http://192.168.1.5 in their browsers.

So here's the deal.

How do I configure an Intranet? 3 years 22 weeks ago

Hi,

I have searched this forum as well as the web, without luck, to find a detailed guide on how to configure an Intranet on a linux server. I hope to be able to get some help from you folks.

Current network topology:

I presently use "md5" authentication for access from the lan:

host all all 192.168.1.0/24 md5

I want to add ldap authentication method, so I added this line before:

host all all 192.168.1.0/24 ldap "ldap://192.168.1.2/basedn;uid=;,cn=xx,dc=yy,dc=zz,dc=ca"

This work great with ldap accounts, but if I try to login with an account not present on

I want to create couple of Admin users who have access to create/delete users on a particular group/Organization Unit.

I have a web site that has some content protected via apache basic authentication.

Is there a way for me to tell (from the access logs perhaps?) how many users are actually using the login?

Intranet traffic is excluded from having to log in, so I can't just look at how many people are accessing those pages.

Thanks.

I want to set up a intranet youtube clone website for my company staff. All videos will be uploaded by the admin. The users can only stream the video. We cannot ask users to install or use any other software other than a web browser. Can you please suggest me the minimum server requirements of this system? maximum number of users: 250 at a time. connection to the internet is not available.

My server has access to a read-only LDAP where information about 99% of user accounts will reside. On my server I want to configure Samba to use LDAP for authentication.

Now and then there will be some extra users that do not have an account on LDAP.

Hi,

Facing errors during GNOME 3 login using LDAP Client authentication in Fedora 17 i386. configured ldap authentication using authconfig-tui. also modified /etc/sysconfig/authconfig FORCELEGACY=yes parameter to disable TLS .