Does the LDAP role require RODC?
-
I've not yet tried to deploy an LDAP only server, and was wondering if it requires the RODC role, too? Can you do just LDAP on a server and still authenticate queries to a DC? Ex: <cloud server> queries <our LDAP> which queries the auth req from <our DC>. <Our LDAP> tells <cloud server> the results [pass|fail]. The alternate would be that the LDAP is an RODC and doesn't require the separate DC.
As a follow-on question: would a Linux box be able to serve as the intermediate LDAP here, still authenticating the queries to a Windows domain?
-
Well, just remember that the authentication for AD is really no more than LDAP on the back end. The only issue is finding the correct connection string. As for Windows boxes, I don't know.
-
Yes, Active Directory is a proprietary MS implementation of LDAP. LDAP was created to be an easier-to-implement directory structure than the X.500 structure, which I think was originally developed by ARPA. LDAP is at least 25 years old now.
-
@Grey Also, your description sounds like you're doing some sort of SSO or interdomain trust.
-
@momurda said in Does the LDAP role require RODC?:
Yes, Active Directory is a proprietary MS implementation of LDAP. LDAP was created to be an easier-to-implement directory structure than the X.500 structure, which I think was originally developed by ARPA. LDAP is at least 25 years old now.
X.500, aka DAP. Hence Lightweight DAP.
-
@momurda said in Does the LDAP role require RODC?:
@Grey Also, your description sounds like you're doing some sort of SSO or interdomain trust.
Sort of. The goal is to allow a cloud service to authenticate in our domain using LDAPS, and I want to limit exposure.