Getting LDAP Bridge to work on Cloud Hosting


(Nic Hubbard) #1

We just recently moved our Matrix installation over to cloud hosting. Doing this means we no longer host our own Matrix server on-campus, which also means our LDAP Bridge no longer works.

What is the process of connecting the LDAP Bridge from an external server like we are now using? Would we just need to have our AD IP visible outside our internal network and then just use that as the Host in the Bridge?

** I realize these are kind of no-brainer questions, but when it comes to LDAP and AD I am clueless, and I just want to give our other IT admins a head start if there are suggestions here.


(Marcus Fong) #2

Yes, if you want to keep going exactly as you have been then that’s probably the simplest approach.

You would want to ensure that the AD domain controller is firewalled to allow access only from your Matrix server’s IP. For security reasons you would also want to use encrypted LDAPS over port 636 rather than plain LDAP over port 389 (prefix your hostname with ldaps:// to enable LDAPS, and ensure your AD DC is set up for LDAPS with an SSL certificate).


If your IT team isn’t prepared to allow external access to your AD DCs, then you might want to look at integrating with Active Directory Federation Services using the Matrix SAML bridge. However, this functions very differently from the LDAP bridge and would most likely involve a lot of rework of your Matrix permissions.
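As an added example (not code from the thread, from Squiz Matrix, or from its LDAP Bridge), the following Python script shows the two checks the reply above calls for before a domain controller is exposed: that the bridge's Host value actually selects LDAPS (ldaps:// on 636 rather than plain LDAP on 389), and that the DC presents a certificate that validates for that hostname. The hostname `dc.example.edu`, the `cafile` argument, and the function names are assumptions for the illustration; an AD DC usually carries a certificate from an internal CA, so its CA bundle is passed in rather than relying on the system trust store.

```python
"""Pre-exposure checks for an LDAP Bridge host setting (added example, not project code)."""
import socket
import ssl
from urllib.parse import urlsplit

# Default ports the reply above refers to: plain LDAP on 389, LDAPS on 636.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def parse_ldap_uri(uri):
    """Return (scheme, host, port) for a Host value such as 'ldaps://dc.example.edu'.

    A bare hostname, as someone might type into the bridge's Host field, is
    treated the way the bridge treats it: plain ldap:// on port 389.
    """
    if "://" not in uri:
        uri = "ldap://" + uri
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported scheme: {scheme}")
    if not parts.hostname:
        raise ValueError("missing host")
    return scheme, parts.hostname, parts.port or DEFAULT_PORTS[scheme]


def check_ldap_uri(uri):
    """Return a list of problems with the Host value; an empty list means LDAPS on 636."""
    scheme, _host, port = parse_ldap_uri(uri)
    problems = []
    if scheme == "ldap":
        problems.append("plain ldap://: bind credentials and directory data cross the network unencrypted; prefix the host with ldaps://")
    elif port == 389:
        problems.append("ldaps:// on port 389: that is the DC's plain-LDAP port, LDAPS listens on 636")
    return problems


def verify_ldaps_certificate(host, port=636, cafile=None, timeout=5.0):
    """Open a TLS connection to the DC with full certificate and hostname verification.

    Returns the validated certificate's subject and expiry; raises ssl.SSLError
    (or socket.error) if the DC is not set up for LDAPS or its certificate does
    not validate against `cafile` (the internal CA bundle, assumed here) for `host`.
    Not exercised in the offline test below because it needs a live DC.
    """
    context = ssl.create_default_context(cafile=cafile)  # verify_mode=CERT_REQUIRED, check_hostname=True
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return {
                "subject": dict(x[0] for x in cert.get("subject", ())),
                "not_after": cert.get("notAfter"),
                "tls_version": tls.version(),
            }


if __name__ == "__main__":
    # Constructed sample Host values; dc.example.edu is a placeholder, not a real DC.
    for candidate in ("dc.example.edu", "ldap://dc.example.edu", "ldaps://dc.example.edu:389", "ldaps://dc.example.edu"):
        issues = check_ldap_uri(candidate)
        print(candidate, "->", "OK" if not issues else "; ".join(issues))
```

Running it prints one line per candidate value, with only `ldaps://dc.example.edu` passing. The firewall side of the reply (allowing port 636 to the DC from the Matrix server's address only) is configured on the DC's host or perimeter firewall rather than in the bridge, so it is not covered by this script; `verify_ldaps_certificate` is the check to run from the Matrix server after that rule is in place.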


(Nic Hubbard) #3

Looks like we are setting up a VPN tunnel that is always open and we will be able to allow our VM to access our campus AD through that. Just a bit of setup, but I shouldn't have to change anything in Matrix, which makes me happy.