This article just tells how to do it, it doesn't say anything about how to do it securely.
AD Self service connects back into Active Directory and for some things requires a service account with domain admin permissions. If the server in the DMZ is compromised, with the ports required to be opened and the accounts that need to be used, an attacker would have a LOT of access back into our infrastructure.
Most other products like this will separate the application layer from the front end web portal, is there no way to do this with this product? If not, I cannot see how this product could be useful for remote user's without seriously compromising my infrastructure.
AD Self service connects back into Active Directory and for some things requires a service account with domain admin permissions. If the server in the DMZ is compromised, with the ports required to be opened and the accounts that need to be used, an attacker would have a LOT of access back into our infrastructure.
Most other products like this will separate the application layer from the front end web portal, is there no way to do this with this product? If not, I cannot see how this product could be useful for remote user's without seriously compromising my infrastructure.