Normally, I would limit LDAP to bind to localhost. However, my client is running an email appliance that pulls the list of valid users (and other information) from the Zimbra LDAP directory. Thus, as a work-around until LDAP authentication is implemented, I will use iptables to limit access to the LDAP port to only localhost and the email appliance.
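One way to express that restriction, as an added example that is not part of the original text: a small script that prints an `iptables-restore` fragment for review before loading. It assumes LDAP listens on TCP 389 and uses the placeholder appliance address 192.0.2.10; the `ldap_rules` and `valid_ipv4` functions and the `LDAP-IN` chain name are hypothetical.

```shell
#!/bin/sh
# Added example: print an iptables-restore fragment that limits the LDAP port
# to loopback and one appliance. Assumptions: LDAP on TCP 389 (plain LDAP),
# appliance at 192.0.2.10 (placeholder address), IPv4 only.

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
# The case guard rejects anything but digits and dots, so no shell or
# rule syntax can be smuggled into the generated fragment.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i == "" || $i > 255) exit 1 }'
}

# Usage: ldap_rules APPLIANCE_IP [PORT]
# Rule order inside LDAP-IN matters: accept loopback, accept the appliance,
# log (rate-limited) and drop everything else. "-i lo" also covers local
# clients that connect to the server's own non-loopback address.
# "-I INPUT 1" places the jump ahead of any broader ACCEPT already in INPUT.
ldap_rules() {
    appliance="$1"
    port="${2:-389}"
    valid_ipv4 "$appliance" || { echo "bad appliance address" >&2; return 1; }
    case "$port" in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
    cat <<EOF
*filter
:LDAP-IN - [0:0]
-A LDAP-IN -i lo -j ACCEPT
-A LDAP-IN -s $appliance/32 -j ACCEPT
-A LDAP-IN -m limit --limit 6/min -j LOG --log-prefix "ldap-denied: "
-A LDAP-IN -j DROP
-I INPUT 1 -p tcp --dport $port -j LDAP-IN
COMMIT
EOF
}

# Review the output, then load it without flushing existing rules:
#   ldap_rules 192.0.2.10 | iptables-restore --noflush
```

These rules cover IPv4 only; if the LDAP service also listens on an IPv6 address, the same restriction has to be applied with `ip6tables`.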