How can a cloud server safely use local AD/LDAP?
2022-08-03 20:14:00 【nington01】
The most comprehensive and effective way to address server access, privacy and security issues has been to use LDAP or Microsoft Active Directory (AD) as a central user directory for storing user information within enterprise systems. Building on this central user directory, some enterprises also create a "bridge" to the cloud infrastructure, connecting one or more IaaS (Infrastructure as a Service) platforms.
For remotely deployed servers, enterprises need to know which users are accessing which servers. Therefore, in pursuit of efficiency, enterprises often adopt cloud-based user management services or Directory-as-a-Service (DaaS) platforms. A cloud user management service, or DaaS, synchronizes users with an internal LDAP or AD directory, enabling automatic user provisioning and management with the help of an identity bridging tool (a lightweight proxy service deployed near AD) that runs locally at the customer's site.
What are the advantages of cloud directory services for administrators?
1. No network configuration required
Identity Bridge is a proxy service that securely feeds identity data from both LDAP and AD to DaaS, including all user identities, keeping data in sync without opening firewall ports or exposing corporate core directories to the public network.
2. Improve access security
With DaaS solutions, businesses can keep a central user directory secure while ensuring that all user data is kept in sync, enabling tight control over server access. Unrelated accounts will not be provisioned or retained after the user is terminated. This is done primarily to ensure that only authorized users have access to internal systems, preventing user account theft, the primary risk for corporate directories.
3. No additional management required
In addition to automatically synchronizing user information, DaaS also automatically synchronizes users' security group information, greatly reducing the operations burden on IT administrators. Administrators only need to create accounts and set privileged accounts, and then DaaS is responsible for securely copying all account information to all internal systems, applications, and networks, and setting correct access permissions for users.
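The synchronization and deprovisioning behaviour described in the list above can be audited with a reconciliation pass like the following. This is an added example, not code from the original page or from NingDS; the snapshot layout, function names and sample accounts are assumptions constructed for illustration, and the only real identifier is AD's `userAccountControl` ACCOUNTDISABLE bit (0x0002).

```python
# Added example: reconcile a local AD/LDAP snapshot with a cloud directory copy.
# Data layout, names and sample accounts are assumptions, constructed for illustration.
ACCOUNTDISABLE = 0x0002  # AD userAccountControl flag: account is disabled


def _by_name(users):
    # AD logon names are compared case-insensitively, so normalise before diffing.
    return {name.casefold(): entry for name, entry in users.items()}


def plan_sync(local_users, cloud_users):
    """Return the changes needed so the cloud copy matches the local directory."""
    local, cloud = _by_name(local_users), _by_name(cloud_users)
    # Only enabled local accounts may exist in the cloud directory.
    active = {n: e for n, e in local.items()
              if not e.get("uac", 0) & ACCOUNTDISABLE}
    plan = {"provision": [], "deprovision": [], "group_changes": {}}
    for name in sorted(active):
        want = set(active[name]["groups"])
        have = set(cloud[name]["groups"]) if name in cloud else set()
        if name not in cloud:
            plan["provision"].append(name)
        if want != have:
            plan["group_changes"][name] = {
                "add": sorted(want - have), "remove": sorted(have - want)}
    # Anything left in the cloud that is disabled or deleted locally is an orphan.
    plan["deprovision"] = sorted(set(cloud) - set(active))
    return plan


# Constructed sample snapshots (0x200 = normal account, 0x202 = normal + disabled).
LOCAL_SNAPSHOT = {
    "alice": {"uac": 0x200, "groups": {"ops", "db-admins"}},
    "Bob": {"uac": 0x202, "groups": {"ops"}},      # terminated, disabled in AD
    "carol": {"uac": 0x200, "groups": {"dev"}},    # new hire, not yet in cloud
}
CLOUD_SNAPSHOT = {
    "alice": {"groups": {"ops", "legacy-vpn"}},
    "bob": {"groups": {"ops"}},
    "dave": {"groups": {"dev"}},                   # deleted locally, still in cloud
}

if __name__ == "__main__":
    for action, detail in plan_sync(LOCAL_SNAPSHOT, CLOUD_SNAPSHOT).items():
        print(action, detail)
```

A non-empty `deprovision` list after a sync cycle means accounts outlived their local counterparts and should be investigated.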
Cloud-based directory services are the method modern enterprises use to manage and secure access to cloud server infrastructure and beyond. NingDS is a SaaS-based managed LDAP directory service platform, which implements the DaaS technology route, centralizes user management, and provides real single sign-on, WiFi authentication, and more.
Without the right approach, unified management of directory users on cloud servers is a very difficult problem. However, through the identity bridging capabilities in the NingDS cloud identity directory, IT administrators can quickly enable cloud servers to use the enterprise's local AD or LDAP user store.