How can LDAP be used on the local and external network?
There was a desire to set up authentication on various company services (GitLab, ownCloud, ...) using a single LDAP account. FreeIPA (389 Directory Server) was chosen as the server. If all services were hosted locally, everything would be fine (bring up a DNS server, create company.domain and hook everything up to it), but GitLab, for example, is running very far away, and of course it already has a domain, gitlab.company.ru.
How can I connect local and external services to the same LDAP server? Can I set up different DNS zones, or can I somehow do this with a VPN? (An external IP can be assigned to the LDAP server.)
Either through a VPN, or by restricting access to the external address of the LDAP server to only your IP ranges. And, of course, do not forget to enable TLS for LDAP, just in case.
Authentication through pure LDAP is only suitable for a local network. It makes no sense to expose LDAP ports to the Internet. For authentication over the Internet, it is better to use OAuth, with LDAP as the backend for it.
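Added example, not part of the answers above: one way to check that the restrictions recommended in the first answer (allowed source ranges, TLS) actually hold is to audit the 389 Directory Server access log. The log lines are constructed and modelled on that log's layout; the allowed ranges, addresses and account names are assumptions.

```python
import ipaddress
import re

# Assumption: source ranges that may reach the LDAP server's external address
# (documentation addresses standing in for the VPN pool and the GitLab host).
ALLOWED = [ipaddress.ip_network(n) for n in ("10.8.0.0/24", "203.0.113.10/32")]

# Constructed sample, modelled on the 389 Directory Server access log layout.
SAMPLE_LOG = """\
[12/Mar/2024:10:00:01 +0300] conn=1 fd=64 slot=64 SSL connection from 203.0.113.10 to 198.51.100.5
[12/Mar/2024:10:00:01 +0300] conn=1 TLS1.3 256-bit AES-GCM
[12/Mar/2024:10:00:01 +0300] conn=1 op=0 BIND dn="uid=gitlab,cn=sysaccounts,cn=etc,dc=company,dc=domain" method=128 version=3
[12/Mar/2024:10:00:05 +0300] conn=2 fd=65 slot=65 connection from 10.8.0.7 to 198.51.100.5
[12/Mar/2024:10:00:05 +0300] conn=2 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="start_tls_plugin"
[12/Mar/2024:10:00:05 +0300] conn=2 TLS1.2 128-bit AES-GCM
[12/Mar/2024:10:00:05 +0300] conn=2 op=1 BIND dn="uid=alice,cn=users,cn=accounts,dc=company,dc=domain" method=128 version=3
[12/Mar/2024:10:00:09 +0300] conn=3 fd=66 slot=66 connection from 192.0.2.44 to 198.51.100.5
[12/Mar/2024:10:00:09 +0300] conn=3 op=0 BIND dn="uid=bob,cn=users,cn=accounts,dc=company,dc=domain" method=128 version=3
"""

CONN = re.compile(r"conn=(\d+) fd=\d+ slot=\d+ (SSL )?connection from (\S+) to ")
TLS = re.compile(r"conn=(\d+) (?:TLS[\d.]+|SSL) \d+-bit")
BIND = re.compile(r'conn=(\d+) op=\d+ BIND dn="([^"]*)" method=128')


def audit(log_text, allowed=ALLOWED):
    """Return (conn, source, reason) for each connection breaking the policy."""
    source, encrypted, findings = {}, set(), []
    for line in log_text.splitlines():
        if m := CONN.search(line):
            conn, src = m.group(1), ipaddress.ip_address(m.group(3))
            source[conn] = src
            if not any(src in net for net in allowed):
                findings.append((conn, str(src), "source outside allowed ranges"))
        elif m := TLS.search(line):
            encrypted.add(m.group(1))  # cipher line: LDAPS or completed StartTLS
        elif m := BIND.search(line):
            conn = m.group(1)
            # method=128 is a simple (password) bind; an empty DN is anonymous.
            if conn not in encrypted and m.group(2):
                findings.append((conn, str(source.get(conn)), "simple bind without TLS"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding, sep="\t")
```

A finding of the first kind means the firewall or VPN restriction is not in effect for that source; the second means a password crossed the network in clear text.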