ichat,
VPN might be the right option for site-to-site connectivity or remote access for multiple protocols.
The question about "secure" LDAP is also valid on the intranet, where a VPN would not make sense.
What you have to know is that the LDAP protocol uses base64 encoding (not encryption), meaning that when one authenticates using the LDAP protocol, anyone on the same LAN can quite easily sniff and retrieve the password. As the strategy is to have all applications and services rely on LDAP, this makes the solution highly insecure if LDAPS is not used for authentication.
So, rephrasing the question: how to enable LDAPS (LDAP over TLS or SSL)?
1 - LDAP is already configured in Zentyal to implement a secure LDAP connection (replication is done using LDAPS)
2 - it's more a matter of client configuration and of the firewall authorizing access on port 443
3 - look at the OpenLDAP documentation. Once the server is LDAPS-ready, it's mainly done client-side.
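The sniffing risk described in the post above, as an added example that is not part of the original post and not Zentyal or OpenLDAP code: it builds the LDAP simple BindRequest exactly as a client sends it over a plain (non-LDAPS, non-StartTLS) connection, then runs the kind of parse a passive observer on the same LAN would perform on the captured bytes. The DN, password and message ID are constructed sample values, and the BER helpers only cover what a BindRequest needs (definite-length encoding, small positive integers); they are not a general LDAP parser. Wrapping the same session in TLS (ldaps:// or StartTLS) is what makes these bytes unreadable to the observer.

```python
"""Added example: an LDAP simple bind on the wire (RFC 4511, BER per X.690).

Sample DN/password/message ID below are constructed for the demonstration.
"""

BER_SEQUENCE = 0x30
BER_INTEGER = 0x02
BER_OCTET_STRING = 0x04
LDAP_BIND_REQUEST = 0x60   # [APPLICATION 0], constructed
LDAP_AUTH_SIMPLE = 0x80    # [0] context-specific, primitive: the password itself


def ber_length(n: int) -> bytes:
    """Definite-form length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_length(len(value)) + value


def ber_integer(n: int) -> bytes:
    """Small non-negative INTEGER (message IDs, protocol version)."""
    if n < 0 or n > 0x7FFFFFFF:
        raise ValueError("only small non-negative integers are supported here")
    body = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:          # keep the sign bit clear for positive values
        body = b"\x00" + body
    return ber_tlv(BER_INTEGER, body)


def build_simple_bind(message_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple pw } }
    as a client emits it over a plain LDAP TCP connection."""
    bind = ber_tlv(
        LDAP_BIND_REQUEST,
        ber_integer(3)
        + ber_tlv(BER_OCTET_STRING, dn.encode())
        + ber_tlv(LDAP_AUTH_SIMPLE, password.encode()),
    )
    return ber_tlv(BER_SEQUENCE, ber_integer(message_id) + bind)


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the definite-length TLV at pos."""
    tag = buf[pos]
    first = buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def extract_credentials(packet: bytes):
    """What a sniffer does with one captured LDAP PDU.

    Returns {'message_id', 'dn', 'password'} for a plain simple bind, or None
    for anything else (other operations, SASL binds, truncated/garbage data).
    """
    try:
        tag, msg, _ = _read_tlv(packet, 0)
        if tag != BER_SEQUENCE:
            return None
        tag, mid, pos = _read_tlv(msg, 0)
        if tag != BER_INTEGER:
            return None
        tag, bind, _ = _read_tlv(msg, pos)
        if tag != LDAP_BIND_REQUEST:
            return None
        _, _version, pos = _read_tlv(bind, 0)
        _, name, pos = _read_tlv(bind, pos)
        tag, auth, _ = _read_tlv(bind, pos)
        if tag != LDAP_AUTH_SIMPLE:
            return None     # SASL bind: no bare password octet string here
        return {
            "message_id": int.from_bytes(mid, "big"),
            "dn": name.decode(),
            "password": auth.decode(),
        }
    except (IndexError, UnicodeDecodeError):
        return None


if __name__ == "__main__":
    # Constructed sample credentials; the sniffer sees the same bytes the server does.
    pdu = build_simple_bind(1, "cn=admin,dc=example,dc=com", "s3cret")
    print("on the wire:", pdu.hex())
    print("recovered  :", extract_credentials(pdu))
```

The message ID, DN and password are plain BER octet strings in the PDU, so the password bytes appear literally in the capture; a non-bind PDU (e.g. a SearchRequest, tag 0x63) yields nothing. Running the same bind through ldaps:// or StartTLS leaves the observer with TLS records instead of this structure, which is the point of item 1 above.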