I need to set up LDAP SSO with an external 3rd party (my first time doing this). It will be my Active Directory (internal) and they want to configure LDAP access like this:
LDAP/AD Setup
To map the LDAP/AD authentication, we need:
1) IP addresses enabled
2) LDAP/AD connection details
3) LDAP/AD account with read access
4) Sample LDAP/AD entry.
3rd Party IP addresses to be Enabled:
ip.addresses.1
ip.addresses.2
ip.addresses.3
Example of LDAP/AD Connection details:
Example 1: CN=Example Group,OU=Domain Users,DC=xxxxx,DC=local
Example 2: IP: 2xx.xx.xx.xx:389 Username: lookupuser Password: xxxxx Base: DC=schoollabs, DC=edu CN=Users CN Test case: schoolabs\passw0rd
My first thoughts are that they don't need full read access; they only need an auth pass/fail result, but I'm not sure how to configure this or what the correct terminology is.
I'm also wondering if putting an RODC in the DMZ for them to connect to would be best, but I've never done this. How well does it work?
It's also disconcerting that they specify :389 instead of :636, but this is easily configured.
Thanks for any input,
Mike
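As an added illustration (not part of Mike's post or the 3rd party's instructions), this is what an "auth pass/fail only" check looks like on the wire: one LDAPv3 simple bind over LDAPS (636) with certificate validation, which needs neither a lookup account nor read access. The BER helpers are written from RFC 4511; the host, CA file and user name in `ldaps_check_credentials` are placeholders you would substitute.

```python
import socket
import ssl

# Minimal BER helpers: LDAP messages (RFC 4511) are BER-encoded TLVs.
def _ber_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body      # long-form length

def _tlv(tag, payload):
    return bytes([tag]) + _ber_len(len(payload)) + payload

def _read_tlv(buf, pos=0):
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                                  # long-form length
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln

def build_simple_bind(message_id, name, password):
    """LDAPv3 BindRequest, simple auth (RFC 4511 4.2). AD accepts
    'user@domain.local' or 'DOMAIN\\user' as the bind name, so a password
    check needs no directory lookup at all. message_id must be < 128."""
    bind = _tlv(0x02, bytes([3]))                  # version INTEGER 3
    bind += _tlv(0x04, name.encode())              # name LDAPDN
    bind += _tlv(0x80, password.encode())          # simple [0] OCTET STRING
    msg = _tlv(0x02, bytes([message_id])) + _tlv(0x60, bind)  # [APPLICATION 0]
    return _tlv(0x30, msg)                         # LDAPMessage SEQUENCE

def parse_bind_result(data):
    """resultCode of a BindResponse: 0 = success, 49 = invalidCredentials."""
    _, msg, _ = _read_tlv(data)                    # LDAPMessage
    _, _, pos = _read_tlv(msg)                     # messageID
    tag, op, _ = _read_tlv(msg, pos)
    if tag != 0x61:                                # [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse")
    _, code, _ = _read_tlv(op)                     # resultCode ENUMERATED
    return int.from_bytes(code, "big")

def ldaps_check_credentials(host, name, password, cafile=None, port=636):
    """Pass/fail over LDAPS with chain + hostname verification. There is
    deliberately no fallback to plaintext 389. True only on resultCode 0."""
    ctx = ssl.create_default_context(cafile=cafile)  # e.g. your AD CA cert
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(build_simple_bind(1, name, password))
            return parse_bind_result(tls.recv(4096)) == 0
```

The bind account needs no rights beyond "can log on"; the 3rd party's lookupuser with read access is only required if their product must resolve a typed username to a DN or pull group membership before binding.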