LDAP Authentication within DMZ

We are currently in the process of setting up a Glassfish 3.1 Application Server in a production environment that is running in a DMZ. GF is currently running on a non-privileged port and is fronted by Apache which dispatches requests using mod_jk.

We are looking for suggestions and/or best practices from the community for the issue of authenticating internal users using LDAP within the DMZ. While opening a port on the firewall for LDAP is the simple solution, we are looking for some input on a more sophisticated solution to the problem for security reasons.

Does anyone have any suggestions, or can anyone share their experience of how they have dealt with this problem?