Score:0

How can i connect on-premises LDAP over Internet?


I am developing a .net core API that will host on Azure. The main aim of this API is to connect with LDAP (On-premises). If the application hosts on-premises then there is no problem connecting with LDAP. But what are the options to connect with on-premises AD over the Internet?

Thanks.

Sorry, I forgot to mention the client is not interested in using VPN.

`what are the options to connect with on-premises AD over the Internet?` A VPN
Imran Yaseen
Sorry, I forgot to mention the client is not interested in using VPN. I have updated my original question too.
Well, you should provide what you *are* interested in. Everyone uses a VPN. You don't have any other options, unless you're looking for someone to validate for you to open a port in the firewall for LDAP, which is a terrible idea.
Off topic: Requests for product, service, or learning material recommendations are off-topic because they attract low quality, opinionated and spam answers, and the answers become obsolete quickly. Instead, describe the business problem you are working on, the research you have done, and the steps taken so far to solve it.
John Mahowald
You're getting strong objections to not using a VPN because putting AD DS on the internet is a terrible idea. The application is not hardened to face password brute forces and other nastiness. Theoretically there could be use cases for LDAP in TLS over the internet; Azure AD DS will warn about internet facing and strongly recommend IP allow lists but allow you to do it: https://learn.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-configure-ldaps#lock-down-secure-ldap-access-over-the-internet
Score:2
  • You can port-forward to your LDAP server(s) using LDAPS, which is LDAP secured by TLS. The connecting client (your app) will need to trust the certificate offered by the LDAPS server of course.
  • You can use an app proxy that publishes access via LDAPS, thus not requiring you to open up ports directly to the LDAP servers.
  • You can use a VPN.
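An added example (not code from the question or the answer above) of the client side of the first option in a .NET Core app: binding over LDAPS with System.DirectoryServices.Protocols while still validating the server certificate, by pinning trust to the exported on-premises root CA instead of disabling verification. The host name, CA file path, base DN and credentials are placeholders.

```csharp
using System;
using System.DirectoryServices.Protocols; // NuGet package: System.DirectoryServices.Protocols
using System.Net;
using System.Security.Cryptography.X509Certificates;

public static class LdapsClient
{
    // Placeholders (assumptions, not values from the thread): the published LDAPS
    // endpoint and the on-prem root CA exported as a DER/PEM file on the Azure host.
    const string LdapsHost = "ldaps.example.internal";
    const string RootCaPath = "/etc/app/onprem-root-ca.cer";
    const string BaseDn = "DC=example,DC=internal";

    // Chain-validate the server certificate against only the on-prem root CA
    // (CustomRootTrust, .NET 5+). Returning true unconditionally here would
    // leave the LDAPS session open to interception, so never do that.
    static bool VerifyServerCert(LdapConnection conn, X509Certificate cert)
    {
        using var leaf = new X509Certificate2(cert);
        using var chain = new X509Chain();
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        chain.ChainPolicy.CustomTrustStore.Add(new X509Certificate2(RootCaPath));
        // The on-prem CRL/OCSP endpoint is usually unreachable from Azure; say so explicitly.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        bool chainOk = chain.Build(leaf);
        // Also require the certificate to be issued for the host we dialled (.NET 7+).
        return chainOk && leaf.MatchesHostname(LdapsHost);
    }

    public static SearchResponse FindUser(string sAMAccountName, NetworkCredential svcAccount)
    {
        var id = new LdapDirectoryIdentifier(LdapsHost, 636, fullyQualifiedDnsHostName: true, connectionless: false);
        using var conn = new LdapConnection(id, svcAccount, AuthType.Basic);
        conn.SessionOptions.ProtocolVersion = 3;
        conn.SessionOptions.SecureSocketLayer = true;            // TLS from the first byte on 636
        conn.SessionOptions.VerifyServerCertificate = VerifyServerCert;
        conn.Bind();                                             // simple bind, protected by TLS

        // Escape the caller-supplied value so it cannot change the filter (LDAP filter injection).
        string filter = $"(&(objectClass=user)(sAMAccountName={EscapeFilterValue(sAMAccountName)}))";
        var req = new SearchRequest(BaseDn, filter, SearchScope.Subtree, "displayName", "mail");
        return (SearchResponse)conn.SendRequest(req);
    }

    // RFC 4515 escaping for values embedded in a search filter.
    static string EscapeFilterValue(string v) => v
        .Replace("\\", "\\5c").Replace("*", "\\2a").Replace("(", "\\28")
        .Replace(")", "\\29").Replace("\0", "\\00");
}
```

Pair this with the IP allow list at the firewall or app proxy mentioned in the comments; certificate validation protects the channel, not the exposed port.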