>>> I want to block the LDAP port from the incoming internet for security
>>> reasons. Can my external users log in with auth_pop via LDAP? If they
>>> cannot log in, is there another (tricky) solution? I still want
>>> login with LDAP, not with local authentication.
>>
>> auth_pop is used in the POP3 server, on port tcp/110. It is not the same
>> thing as using LDAP directly. If the POP3 server has access to LDAP,
>> auth_pop will work.
>>
>> man slapd
>>
>>    -h URLlist
>>
>>      slapd will by default serve ldap:/// (LDAP over TCP on all
>>      interfaces on default LDAP port). That is, it will bind using
>>      INADDR_ANY and port 389. The -h option may be used to specify
>>      LDAP (and other scheme) URLs to serve.
>>
>> See also peername.regex ACL property.
>
> but I have tried with iptables on the local machine (with qmail LDAP
> installed) to block LDAP port 389, and when I tried authentication with
> an MUA, auth POP is rejected!

Please keep the same reply style as the one used in the original reply.
It is hard to follow the conversation when you top-post.

Please keep qmail-ldap questions on the qmail-ldap mailing list.

Check your firewall rules. If POP3 and IMAP authentication breaks after
you enable the firewall, your firewall rules are incorrect.

Security should not depend on firewall settings. If you don't want to
make the LDAP server available to outside users, don't make it available
even when the firewall is down.

The OpenLDAP Admin guide contains a peername.regex example which allows
read access from a certain IP address range and blocks other anonymous
requests.

http://www.openldap.org/doc/admin23/slapdconfig.html#Access%20Control

-- 
Tomas
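
An added example, not part of the thread: a check that slapd is not listening on INADDR_ANY, in line with the advice above to restrict the listener with -h rather than rely on the firewall. It assumes slapd and the POP3 server run on the same host, so a loopback listener is enough; the function name and the sample `ss -ltn` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report LDAP listeners reachable on non-loopback addresses.
# Assumed slapd start for a same-host POP3/LDAP setup:
#   slapd -h "ldap://127.0.0.1/"

# Reads `ss -ltn` style output on stdin and prints every non-loopback
# local address that is listening on the given port (default 389).
exposed_ldap_listeners() {
    port="${1:-389}"
    awk -v port="$port" '
        $1 == "LISTEN" {
            # Field 4 is "address:port"; the port follows the last colon.
            n = split($4, parts, ":")
            p = parts[n]
            if (p != port) next
            addr = substr($4, 1, length($4) - length(p) - 1)
            # Loopback listeners are not reachable from outside the host.
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
            print addr
        }'
}

# Constructed sample: slapd with its default binding (all interfaces).
sample_default() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:389        0.0.0.0:*
LISTEN 0      128    [::]:389           [::]:*
LISTEN 0      128    0.0.0.0:110        0.0.0.0:*
EOF
}

# Constructed sample: slapd started with -h "ldap://127.0.0.1/".
sample_loopback() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:389      0.0.0.0:*
LISTEN 0      128    0.0.0.0:110        0.0.0.0:*
EOF
}

# On a live host: ss -ltn | exposed_ldap_listeners 389
```

Empty output means the LDAP port stays unreachable from other hosts even with the firewall down, while POP3 on tcp/110 remains available to external users.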