Active Directory over SSL

[DrPerceptron]

ok, so I'm stuck with an infinite amount of questions, a couple of 'answers' and standing in the centre of a round room... behind one of the questions is the door to escape the hellish nightmare...

1. LDAP over SSL is it restricted to 636? I'm asked to set it up to go over 443... but the internet just laughed at me

2. Has anyone actually asked SWGfL (or another RBC) about running LDAP with their hosting services? I did... they said it works see above

3. Am I going to need an externally signed SSL certificate? or will an internally signed cert suffice?

I think that should do for now... hopefully.

[FN-GM]

Do you really want to expose your internal network like that?
Do you not want some kind of VPN or something?

[DrPerceptron]

When it goes live, it'll probably point at a 2008 R-ODC.

I can't find any major security risks that are actually current, the DC's take any critical AD based updates from WSUS and reboot during the night after, anonymous bind/search is disabled and a couple of other things... so various factors have been weighted.

The big reason it wants to be enabled is there's a guaranteed uptime hosting it externally which is more important.

Supposedly I'm not required to open any ports at all... it'll just work (according to SWGfL networky people) there's probably some high-tech trickery I can employ with current hardware that'd work.

[Midget]

so it's being hosted with the council and you connect to it over a leased line?

[DrPerceptron]

correct.