Make LDAP/AD in intranet available to webapplications in extranet

Hi @workpush,

yes, I would also recommend a dedicated slave replica server as long as the LDAP access is read-only.
Also remember to only use LDAPS connections and use limited account.

Further read:

• [HowTo] Use letsencrypt certificates for LDAPS connections (via stunnel)
• UCS and security hardening