Contrary to X.500, LDAP supports TCP/IP, which is necessary for any type
of Internet access. LDAP is an open protocol, and applications are
independent of the server platform hosting the directory.
The Active Directory is not an X.500 directory. Instead, it uses LDAP as the
access protocol and supports the X.500 information model without requiring
systems to host the entire X.500 overhead. The result is the high level of
interoperability required for administering real-world, heterogeneous
networks.
The Active Directory supports access via the LDAP protocol from any
LDAP-enabled client. LDAP names are less intuitive than Internet names,
but the complexity of LDAP naming is usually hidden within an application.
LDAP names use the X.500 naming convention called "Attributed Naming."
A Windows 2000 Domain Controller is an LDAP server and contains all your
domain information, such as user accounts and groups.
1. Expand the Publishing node in the ISA Management console and right
click on the Server Publishing node. Click New and click Rule.
2. On the Welcome page, type in the name of the rule, for example LDAP
Server, and click Next.
3. On the Address Mapping page, type in the IP address of the internal
server, which is the IP address of your internal Domain Controller, and
the external IP address on the ISA server, which is the IP address on
your external interface of ISA, then click Next.
4. On the Protocols Settings page, select the LDAP Server protocol
definition that we created above, click Next.
5. On the Client Type page, select the client type to which you want this
rule applied and click Next.
6. On the last page click Finish.
6. On the Check E-mail addresses page, select Yes if you want to check
recipient email addresses against your LDAP Server; otherwise choose
No. Click Next.
Choosing No gives a faster response in Outlook Express.
11. Click Apply, click OK and Close the Internet Account dialog box.
Instead of publishing an LDAP server you can publish a Global Catalog server
from within your private network. In most cases the GC is the same machine
as your DC, but you can use another machine that functions as a GC.
Step 1: Creating a Protocol Definition for a Global Catalog Server
1. Expand the Publishing node in the ISA Management console and right
click on the Server Publishing node. Click New and click Rule.
2. On the Welcome page, type in the name of the rule, for example GC
Server, and click Next.
3. On the Address Mapping page, type in the IP address of the internal
server, which is the IP address of your internal Domain Controller, and
the external IP address on the ISA server, which is the IP address on
your external interface of ISA, then click Next.
4. On the Protocols Settings page, select the GC Server protocol
definition that we created above, click Next.
5. On the Client Type page, select the client type to which you want this
rule applied and click Next.
6. On the last page click Finish.
Important
Every time a user performs a query to your LDAP/GC server within Outlook
Express, the username and password of the account that is used to query your
LDAP/GC server are sent in clear text. The queries sent to the LDAP/GC and
the responses (email addresses and user information) are also sent in clear
text. This can be a security risk, because users' email addresses are sent in
clear text over the Internet and can be used for spam.
Encrypting Traffic From an LDAP Client to the ISA Server using SSL
Perform the following steps to encrypt traffic from an LDAP client to the
ISA Server using SSL:
Note: You can use the above procedure to request a certificate for Domain
Controllers (LDAP servers), but instead of Computers, use a Domain
Controller policy.
1. Expand the Publishing node in the ISA Management console and right
click on the Server Publishing node. Click New and click Rule.
2. On the Welcome page, type in the name of the rule, for example Secure
LDAP Server, and click Next.
3. On the Address Mapping page, type in the IP address of the internal
server, which is the IP address of your internal Domain Controller, and
the external IP address on the ISA server, which is the IP address on
your external interface of ISA, then click Next.
4. On the Protocols Settings page, select the Secure LDAP Server
protocol definition that we created above, click Next.
5. On the Client Type page, select the client type to which you want this
rule applied and click Next.
6. On the last page click Finish.
11. Click Apply, click OK and Close the Internet Account dialog box.
Instead of publishing a Secure LDAP server you can publish a Secure Global
Catalog server from within your private network.
1. Expand the Publishing node in the ISA Management console and right
click on the Server Publishing node. Click New and click Rule.
2. On the Welcome page, type in the name of the rule, for example Secure
GC Server, and click Next.
3. On the Address Mapping page, type in the IP address of the internal
server, which is the IP address of your internal Domain Controller, and
the external IP address on the ISA server, which is the IP address on
your external interface of ISA, then click Next.
4. On the Protocols Settings page, select the Secure GC Server protocol
definition that we created above, click Next.
5. On the Client Type page, select the client type to which you want this
rule applied and click Next.
6. On the last page click Finish.
Summary