Thread: LDAP through Firewall

  1. #1 kevindods (Advanced Member, joined Oct 2005)

    LDAP through Firewall

    Hi

    Trying to get connected to the Zimbra GAL over LDAP from the public Internet through a firewall using MAP/NAT to a private internal IP network. I can access it using Thunderbird on a client local to the Zimbra server, but not from the other side of the firewall.

    Enabled the correct 389 port mapping etc. but no joy; even tried opening the target IP address completely to a known IP range, but still the same result. Is there a permissions issue somewhere in Zimbra? Something like the hosts.allow file or a slapd conf entry? Probably something obvious and silly, but I am generally good at trying the obvious and silly things...

    Help much appreciated ;-)

    Kevin

  2. #2 KevinH (Expert Member, San Mateo, CA, joined Aug 2005)

    You should also open 7389, which is where the actual LDAP server runs. 389 is mapped via iptables to 7389, so we've seen certain configs that needed both ports open.

  3. #3 kevindods (Advanced Member, joined Oct 2005)

    LDAP working...

    Thanks Kevin

    I tried that but no joy. Then I moved to another network and tried it from there, and it works. Must be something to do with the specific local network or the local installs of Thunderbird.

    There always seems to be another obvious and silly thing I miss!

    Kevin

  4. #4 s3nz3x (Project Contributor, proxima centaury, joined Nov 2005)

    DNS…

    1) Can you access some service/host other than the Zimbra server?
    Can you connect to something like a web server, SSH, or any test box or client on your Zimbra LAN side from the Internet (WAN), with the correct port mappings in the firewall? (I assume YES, because it seems you're suspecting the Zimbra server itself and not your firewall/network settings:

        Enabled the correct 389 port mapping etc. but no joy, even tried opening the target IP address completely to a known IP range but still the same result. Is there a permissions issue somewhere in Zimbra? Something like the hosts.allow file or a slapd conf entry? Probably something obvious and silly but I am generally good at trying the obvious and silly things...

    )
    When you talk about a possible permissions issue, do you have an error message? I.e. you can't log in, or a host deny, or some other message? Or is it just a timeout, no connection, nothing…
    2) On your client config (WAN side, i.e. your home or the place from where you try to connect), what are your DNS settings? Are they those of your ISP?
    You should then add an entry like 192.168.x.x, i.e. the DNS server on your Zimbra LAN side.
    3) Can you VPN through your firewall? This would be simpler, as it simulates you're already in the Zimbra LAN…
    4) What do you mean by:

        moved to another network and tried it from there and it works

    ?
    Have you been, say, to visit some friend, and via their Internet connection you connected to the Zimbra server the way you want? I'm confused here about what you mean.

    I would suspect your firewall, but if you succeeded at another place (cf. 4) then it's not that.
    In that case I would say DNS. Most of my connection problems come from DNS.
    (It's always the FIRST thing I set up.)
    Can you add DNS entries in your firewall??

    On my LAN (never on the Internet) I have some ? subnets on an IPCop acting as firewall/router (Gigabit router ;) I've set up Kerberos with Mac OS X Server, which is the LDAP master for my clients on the "Green" side.
    (Zimbra is on the same subnet as the server but not the same domain; it's for testing purposes right now, but this OS X box is the LAN DNS.) I also have a second OS X server, kerberized, on the IPCop DMZ side, aka Orange.
    All this to say that I had to add "DMZ pinholes" (as IPCop calls them)
    to make Kerberos and LDAP work fine.
    To do so I mapped those ports to the OS X master server:
    53 (domain) - TCP
    5353 (MDNS) - UDP
    389 (LDAP) - TCP
    636 (LDAPS) - TCP

    (and others necessary to Kerberos not relevant here)

    Don't know if it helps.
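As an added troubleshooting aid (not code from the thread), this Python script checks the two points raised in #2 and #4 together: whether each of 389 and 7389 is reachable through the NAT, and, when the TCP connect succeeds, whether the LDAP server itself accepts an anonymous bind. That lets a silent firewall drop (timeout), a REJECT or closed port (refused), a name-resolution failure (the DNS angle) and an LDAP-level denial (non-zero resultCode) be told apart. The Zimbra hostname is a placeholder you supply; the loopback fake server and the closed-port helper are constructed so the script can be exercised offline.

```python
import socket
import threading
# Anonymous LDAPv3 BindRequest, messageID 1, hand-encoded BER (version 3, empty DN, simple "")
ANON_BIND = bytes.fromhex("300c020101600702010304008000")

def tcp_probe(host, port, timeout=3.0):
    """'open', 'refused' (RST/REJECT), 'timeout' (silent DROP or no NAT), 'unreachable' or 'dns-error'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "dns-error"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "unreachable"
def ldap_anon_bind_result(host, port, timeout=3.0):
    """Send an anonymous bind; return the LDAP resultCode (0 = success) or None."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(ANON_BIND)
            resp = s.recv(64)
    except OSError:
        return None
    i = resp.find(b"\x61")                            # BindResponse [APPLICATION 1]
    j = resp.find(b"\x0a\x01", i) if i >= 0 else -1   # ENUMERATED resultCode follows
    return resp[j + 2] if j >= 0 and len(resp) > j + 2 else None
def probe_zimbra_ldap(host, ports=(389, 7389), timeout=3.0):
    """Per port: (tcp state, anonymous-bind resultCode, or None when not open)."""
    states = {p: tcp_probe(host, p, timeout) for p in ports}
    return {p: (s, ldap_anon_bind_result(host, p, timeout) if s == "open" else None)
            for p, s in states.items()}
def fake_ldap_server(result_code):
    """Constructed stand-in: loopback listener answering every bind with result_code."""
    resp = bytes.fromhex("300c0201016107") + bytes([0x0a, 0x01, result_code]) + b"\x04\x00\x04\x00"
    srv = socket.socket(); srv.bind(("127.0.0.1", 0)); srv.listen(5)
    def serve():
        while True:
            conn, _ = srv.accept()
            try: conn.recv(64); conn.sendall(resp)
            except OSError: pass
            conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]
def closed_local_port():  # constructed 'refused' case: reserve a loopback port and release it
    s = socket.socket(); s.bind(("127.0.0.1", 0)); port = s.getsockname()[1]; s.close()
    return port
```

Against a real deployment, call probe_zimbra_ldap("zimbra.example.invalid") from the WAN side: a timeout on 389 with 7389 open points at the NAT rule, while open ports with a non-zero resultCode point at the LDAP server's own access control.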
