Code:
http://www.messagingtalk.org/publishing-active-directory-through-forefront-tmg-or-isa-server
I was tasked with exploring how to publish an internal LDAP server (MS Active Directory) to the public internet with authentication.
After a few days of struggling, I was finally able to get it done.
I decided to publish it so that others will not have to suffer like me. :-)
Step 1: Start the "Publish Non-Web Server Protocols"

Step 2: Give your rule a name

Step 3: Specify your LDAP Server (Active Directory) IP Address

Step 4: Create a new protocol

Step 5: Give your new protocol a name

Step 6: Create a new port range

Step 7: Select "TCP" --> "Inbound" and enter "389" for both ends of the port range

Step 8: Click on "New" to create another one

Step 9: Select "UDP" --> "Receive" and enter "389" for both ends of the port range

Step 10: Click "Next" to proceed

Step 11: Leave it as default and go to next step

Step 12: Click "Finish" to complete the wizard

Step 13: Click "Next" to proceed

Step 14: Check "External" Interface and click on "Address"

Step 15: Follow the settings below: highlight the IP address you want the server to listen on, and click on "Add"



Step 16: Click "Finish" to complete the wizard

Step 17: You need to modify the rule before it will work. Double click on the newly created rule

Step 18: Go to the "To" tab and choose "Requests appear to come from the Forefront TMG computer" or "Requests appear to come from the ISA Server computer"

Step 19: Click on "Apply" to activate the changes.

Now you need to configure your client to test the rule. I am using "Windows Mail" in Vista.
Step 1: Launch Windows Mail, go to "Tools" --> "Accounts" and click on "Add"

Step 2: Select "Directory Service"

Step 3: Key in the publicly resolvable name of your Forefront or ISA server and check "My LDAP server requires me to log on"

Step 4: Key in your domain account credentials

Step 5: Select "No" for this step

Step 6: Click on "Finish" to complete this wizard

Step 7: Go back to "Tools" --> "Accounts", select your newly created directory service and click on "Properties"
Under the "Advanced" tab, key in the "Search base". It's recommended to narrow the search down to a specific OU for best performance, but you can still use the domain root as the search base.

Step 8: Locate this icon in Windows Mail and click on "People"

Step 9: Select the new directory service

Step 10: Key in your search query, and here come the results :-)

Have fun, folks
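A rule published on port 389 passes whatever bind the client sends, and an LDAP simple bind (RFC 4511) carries the account password unencrypted unless TLS is in use. The following added example, which is not part of the original article, parses a BindRequest and reports whether it is a simple or a SASL bind, so you can check what your client actually sends through the rule. The helper names, DNs and credentials are constructed for illustration; that Windows Mail performs a simple bind with the settings above is an assumption to confirm in your own capture.

```python
def _tlv(tag, value):
    """Encode one BER element with a definite length."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value

def _read(buf, pos):
    """Decode one BER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + n], pos + n

def make_bind(msg_id, dn, simple=None, sasl=None):
    """Build constructed sample bytes; these are not captured traffic."""
    auth = _tlv(0x80, simple.encode()) if sasl is None else _tlv(0xA3, _tlv(0x04, sasl.encode()))
    op = _tlv(0x02, b"\x03") + _tlv(0x04, dn.encode()) + auth
    return _tlv(0x30, _tlv(0x02, bytes([msg_id])) + _tlv(0x60, op))

def classify_bind(packet):
    """Report the bind type without echoing the secret itself."""
    tag, body, _ = _read(packet, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = _read(body, 0)          # messageID
    tag, op, _ = _read(body, pos)
    if tag != 0x60:
        raise ValueError("not a BindRequest")
    _, _, pos = _read(op, 0)            # version
    _, name, pos = _read(op, pos)       # bind DN
    tag, auth, _ = _read(op, pos)       # authentication CHOICE
    if tag == 0x80:                     # [0] simple: password is the raw value
        return {"dn": name.decode(), "auth": "simple", "cleartext_bytes": len(auth)}
    if tag == 0xA3:                     # [3] SASL: first field names the mechanism
        return {"dn": name.decode(), "auth": "sasl", "mechanism": _read(auth, 0)[1].decode()}
    raise ValueError("unknown authentication choice")

if __name__ == "__main__":
    print(classify_bind(make_bind(1, "CN=Test User,OU=Staff,DC=example,DC=com", simple="CorrectHorse1")))
    print(classify_bind(make_bind(2, "", sasl="GSS-SPNEGO")))
```

A `simple` result on a capture taken outside the firewall means the domain password crossed the internet in readable form; LDAP over TLS (LDAPS, TCP 636) is the usual way to avoid that.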



