• N/A

Like many orgs, the ACM's Active Directory forest is completely internal and is not reachable from the public internet. However, some of this information is safe to expose, at least non-anonymously, via a publically facing proxy. OpenLDAP has a history of being used as a basic public proxy for an Active Directory forest by exposing a limited subset of data mapped between the two systems (the schemas used do not need to match, just map). This can also be done securely since non-SSL traffic can be disabled and the public SSL certificate for the main hostname can be used to secure the connection without the requirement of some workaround using a custom CA.

https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO

https://wiki.samba.org/index.php/Authenticating_other_services_against_AD#openLDAP_proxy_to_AD

http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol

*Fill in when updates to document*