[SOLVED] LDAP bind, not access from lan IP

[bart]

Hello.

I need to access to the zimbra-ldap from the lan, to get access to the GAL from mail clients. The zimbra LDAP server refuse conection from the lan ip´s telnet name.domain.edu 389 refused.
I only can access to ldap from the localhost.


the nmap scan report that the 389 is closes. only this ports are open.

22/tcp open ssh
25/tcp open smtp
80/tcp open http
110/tcp open pop3
143/tcp open imap
443/tcp open https
465/tcp open smtps
993/tcp open imaps
995/tcp open pop3s


How can I change this, i need to ldap listen in port 389 only from my local LAN interface.

Thanks in advance.

[uxbod]

what does the following show

Code:

su - zimbra
zmlocalconfig | grep "ldap.*url"

is it just set as localhost ?

[bart]

I found a solution, I edit the ldap start script located at /opt/zimbra/bin/ldap , and remove the "-h my...", then restart all the services.

the ldap bind now to all the ip's, i restric the needed ip only to the iptables.

[Konstantin]

hello

iptables -t nat -A PREROUTING -i eth0 -p tcp --destination LAN_IP --dport 389 -j DNAT --to LDAP_IP:389