is the server not behind a firewall?
It is but you obviously need the LDAP interface to be open to allow GAL access from applications like Outlook and Mail.app etc.

The simple answer to firewall the port would mean you lose all advantages of LDAP.

I have not gone through in detail the LDAP docs, but basically we need a rule that says:

* Source: or Local IP = No authentication
* Source: Anything else = Simple Auth
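One way to express that two-tier rule in an OpenLDAP access control list, added here as an illustration and not taken from the thread. The thread does not name the LDAP server, so slapd's cn=config ACL syntax, the `{1}mdb` database name and the loopback address 127.0.0.1 (standing in for the local/server IP) are all assumptions.

```ldif
# Assumed database entry; adjust to the actual olcDatabase name.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
# Passwords: owners may change them, everyone else may only bind against them.
olcAccess: {0}to attrs=userPassword
  by self write
  by anonymous auth
  by * none
# GAL data: read without binding only from the local host (assumed 127.0.0.1),
# read after a successful simple bind from anywhere else, nothing for remote anonymous.
olcAccess: {1}to *
  by peername.ip=127.0.0.1 read
  by users read
  by * none
```

Apply with `ldapmodify` against the config database; a remote anonymous search then returns no entries, while a client that binds as a directory user still gets the GAL.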