Does the LDAP role require RODC?



  • I've not yet tried to deploy an LDAP only server, and was wondering if it requires the RODC role, too? Can you do just LDAP on a server and still authenticate queries to a DC? Ex: <cloud server> queries <our LDAP> which queries the auth req from <our DC>. <Our LDAP> tells <cloud server> the results [pass|fail]. The alternate would be that the LDAP is an RODC and doesn't require the separate DC.

    As a follow-on question: would a Linux box be able to serve as the intermediate LDAP here, still authenticating the queries to a Windows domain?



  • Well, just remember that the authentication for AD is really no more than LDAP on the back end. The only issue is finding the correct connection string. As for Windows boxes, I don't know.



  • Yes, Active Directory is a proprietary MS implementation of the LDAP. LDAP was created to be an easier to implement directory structure than the X.500 structure, which I think was originally developed by ARPA. LDAP is at least 25 years old now.



  • @Grey Also, your description sounds like you're doing some sort of SSO or interdomain trust.


  • @momurda said in Does the LDAP role require RODC?:

    Yes, Active Directory is a proprietary MS implementation of the LDAP. LDAP was created to be an easier to implement directory structure than the X.500 structure, which I think was originally developed by ARPA. LDAP is at least 25 years old now.

    X.500 aka DAP. Hence Lightweight DAP.



  • @momurda said in Does the LDAP role require RODC?:

    @Grey Also, your description sounds like you're doing some sort of SSO or interdomain trust.

    Sort of. The goal is to allow a cloud service to authenticate in our domain using LDAPS, and I want to limit exposure.

