LDAP redundancy


Charlie Ting

Hi All,

We have a web server sitting in the DMZ. The web service queries the LDAP
off the domain controller in the trusted LAN. We created a firewall rule to
allow web server into the domain controller through port 389. We have 2
domain controllers. We'd like to provide LDAP redundancy. When one domain
controller goes down, the web service will automatically query the 2nd
domain controller. What's the technology that I should be looking at?
Round robin? Please help.



Domain controller: Windows 2000 Server.
 
I think you should be able to bind to a domain name rather than to a
specific domain controller.
If it's an .asp page or a .vbs script, then it could start with something
like this:
' Serverless bind: the Windows DC locator picks an available domain controller
Set objRootDSE = GetObject("LDAP://RootDSE")
' Read the domain's naming context, e.g. DC=corp,DC=example
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
 
Hi Peter,

The web server is sitting in the DMZ server. How could it access the domain
name on the trusted LAN? And also what firewall rule is to be
implemented?

thanks
charlie
 
Charlie said:
Hi Peter,

The web server is sitting in the DMZ server. How could it access the domain
name on the trusted LAN? And also what firewall rule is to be
implemented?


For this scenario you need to open the following ports:
Kerberos ports (88/tcp, 88/udp) used to perform mutual authentication
DNS ports (53/tcp, 53/udp)
LDAP ports (389/udp, 389/tcp or 636/tcp for SSL)
Microsoft-DS traffic (445/tcp, 445/udp)

I think it is better to move the web server into the internal LAN and to
publish the website through an ISA 2004 Server.

http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/publishingwebservers.mspx
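The serverless bind suggested earlier (LDAP://RootDSE) only works when the client can use the Windows DC locator, which a DMZ host without DNS and Kerberos access to the domain cannot do. The alternative for the original question is application-side failover: hold an ordered list of domain controllers reachable through the firewall rule and move to the next one when the first does not answer. The following Python is an added example written for this thread, not code from any of the posters; the hostnames, the base DN and the probe timeout are assumptions, and the actual LDAP search is injected so the failover logic runs offline.

```python
"""Client-side LDAP failover across an ordered list of domain controllers.

Added example for the thread above (not code from the posters). Assumes the
DMZ web server is allowed to reach each DC on 389/tcp (or 636/tcp for SSL)
and that the application keeps an explicit, ordered DC list, because a DMZ
host cannot rely on Windows serverless binding to locate a DC.
"""
import socket
from typing import Optional, Tuple

DC = Tuple[str, int]  # (hostname or IP address, port)

# Hypothetical DC list for illustration; replace with the DMZ-reachable addresses.
DEFAULT_DCS = [("dc1.corp.example", 389), ("dc2.corp.example", 389)]


def tcp_reachable(host: str, port: int, timeout: float = 2.0) -> bool:
    """Default probe: a TCP connect with a short timeout.

    A DC whose LDAP service is down refuses the connection; a firewall that
    silently drops the packet makes the connect time out. Both count as 'down'.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def pick_domain_controller(dcs, probe=tcp_reachable) -> Optional[DC]:
    """Return the first DC in preference order whose probe succeeds, else None.

    probe(host, port) -> bool is injectable so the selection can be tested
    without a live domain controller.
    """
    for host, port in dcs:
        if probe(host, port):
            return (host, port)
    return None


def ldap_url(dc: DC, base_dn: str) -> str:
    """Build the explicit-server LDAP URL; 636 is treated as LDAP over SSL."""
    scheme = "ldaps" if dc[1] == 636 else "ldap"
    return f"{scheme}://{dc[0]}:{dc[1]}/{base_dn}"


def query_with_failover(dcs, base_dn: str, do_query, probe=tcp_reachable):
    """Try each DC in order and return (dc, result) from the first that answers.

    do_query(url) is the application's real LDAP bind-and-search call. A DC
    that accepts the TCP connection but then fails the bind or search is
    skipped as well, so a half-broken controller does not stop the service.
    """
    last_error = None
    for dc in dcs:
        if not probe(*dc):
            continue  # port closed or filtered: try the next controller
        try:
            return dc, do_query(ldap_url(dc, base_dn))
        except Exception as exc:  # bind/search failed on a reachable DC
            last_error = exc
            continue
    raise ConnectionError(f"no domain controller answered: {last_error!r}")


if __name__ == "__main__":
    # Stand-alone run: probe the (hypothetical) list for real and print the choice.
    chosen = pick_domain_controller(DEFAULT_DCS)
    print("selected DC:", chosen)
```

The probe and the query are both kept injectable so the same logic can be exercised in a unit test with one controller simulated as down; in production the default TCP probe is used and `do_query` wraps whatever LDAP client the web application already has.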
 