LDAP redundancy
#1
Guest
Hi All,

We have a web server sitting in the DMZ. The web service queries the LDAP off the domain controller in the trusted LAN. We created a firewall rule to allow the web server into the domain controller through port 389. We have 2 domain controllers. We would like to provide LDAP redundancy. When one domain controller goes down, the web service will automatically query the 2nd domain controller. What's the technology that I should be looking after? Round robin? Please help.

Domain controller: Windows 2000 Server.

#2
Guest
I think you should be able to bind to a domain name rather than to a specific domain controller. If it's an .asp page or a .vbs script, then it could start with something like this:

    ' Serverless bind: no domain controller is named in the ADsPath
    Set objRootDSE = GetObject("LDAP://RootDSE")
    ' Distinguished name of the domain the bind landed in
    strDNSDomain = objRootDSE.Get("DefaultNamingContext")

"Charlie Ting" <cting74@hotmail.com> wrote in message news:ucOdnVypZZPv0xLZnZ2dnUVZ_vmdnZ2d@golden.net...
> Hi All,
>
> We have a web server sitting in the DMZ. The web service queries the LDAP
> off the domain controller in the trusted LAN. We created a firewall rule
> to allow web server into the domain controller through port 389. We have 2
> domain controllers. We like to provide LDAP redundancy. When one domain
> controller goes down, the web service will automatically query the 2nd
> domain controller. What's the technology that I should be looking after?
> round robin? Please help.
>
> Domain controller: Windows 2000 Server.
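
An added example, not part of the original post or thread: a Python sketch of what binding to the domain rather than to one domain controller amounts to on the client side, namely ordering the domain's LDAP SRV records and falling through to the next controller when one is unreachable. The domain `example.local`, the host names and the `SAMPLE_SRV` records are constructed; a real client would obtain the records from DNS.

```python
import random
import socket

# Constructed sample: the (priority, weight, port, target) tuples a DNS SRV
# lookup of _ldap._tcp.dc._msdcs.example.local might return for two DCs.
SAMPLE_SRV = [
    (0, 100, 389, "dc1.example.local"),
    (0, 100, 389, "dc2.example.local"),
]

def order_srv(records, rng=random):
    """Order SRV records as RFC 2782 describes: lowest priority value
    first, weighted-random selection among records of equal priority."""
    ordered = []
    for prio in sorted({r[0] for r in records}):
        group = [r for r in records if r[0] == prio]
        while group:
            pick = rng.uniform(0, sum(r[1] for r in group))
            running = 0
            for r in group:
                running += r[1]
                if pick <= running:
                    break
            ordered.append(r)
            group.remove(r)
    return ordered

def tcp_probe(host, port, timeout=3.0):
    """Reachability check only: a TCP accept does not prove the directory
    service is healthy, so the caller still has to bind and query."""
    with socket.create_connection((host, port), timeout=timeout):
        return True

def pick_dc(records, probe=tcp_probe, rng=random):
    """Return ((host, port), skipped_hosts) for the first reachable DC."""
    skipped = []
    for _prio, _weight, port, host in order_srv(records, rng):
        try:
            probe(host, port)
            return (host, port), skipped
        except OSError:
            skipped.append(host)  # worth logging: a DC is down or filtered
    raise ConnectionError("no domain controller reachable: " + ", ".join(skipped))
```

Every controller the records can return needs its own firewall rule from the DMZ host, otherwise the fallback target is filtered exactly when it is needed.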

#3
Guest
Hi Peter,

The web server is sitting in the DMZ server. How could it access the domain name on the trusted LAN? And also, what firewall rule is to be implemented?

Thanks,
Charlie

"Peter Demeyer" <pdemeyer@telenet.be> wrote in message news:e6rgk7$cle$1@ikaria.belnet.be...
>I think you should be able to bind to a domain name rather than to a
>specific domain controller.
> If it's an .asp page or a .vbs script, then it could start with something
> like this:
> Set objRootDSE = GetObject("LDAP://RootDSE")
> strDNSDomain = objRootDSE.Get("DefaultNamingContext")
>
> "Charlie Ting" <cting74@hotmail.com> wrote in message
> news:ucOdnVypZZPv0xLZnZ2dnUVZ_vmdnZ2d@golden.net...
>> Hi All,
>>
>> We have a web server sitting in the DMZ. The web service queries the LDAP
>> off the domain controller in the trusted LAN. We created a firewall rule
>> to allow web server into the domain controller through port 389. We have
>> 2 domain controllers. We like to provide LDAP redundancy. When one domain
>> controller goes down, the web service will automatically query the 2nd
>> domain controller. What's the technology that I should be looking after?
>> round robin? Please help.
>>
>> Domain controller: Windows 2000 Server.

#4
Guest
Charlie Ting wrote:
> Hi Peter,
>
> The web server is sitting in the DMZ server. How could it access the domain
> name on the trusted LAN ?. And also what firewall rule is it to be
> implemented?

For this scenario you need to open the following ports:

Kerberos ports (88/tcp, 88/udp) used to perform mutual authentication
DNS ports (53/tcp, 53/udp)
LDAP ports (389/udp, 389/tcp or 636/tcp for SSL)
Microsoft-DS traffic (445/tcp, 445/udp)

I think it is better to move the web server into the internal LAN and to publish the website through an ISA 2004 Server.

http://www.microsoft.com/technet/pr...webservers.mspx

--
Best regards
Frank Röder
MVP Windows Server System - Directory Services
"Ex oriente lux"