In this post I will show the ports that need to be opened in the iptables firewall so that 389 Directory Server is reachable and works properly. Before the Windows console (389 Console.msi installed on the client PC) can connect to the 389 Administration Server, three ports have to be opened in the iptables firewall. This lets the Linux or LDAP administrator run LDAP search queries and perform administration tasks. The three ports that normally have to be open on a 389 Directory Server are:
a) Port 389 (ldap)
b) Port 636 (ldaps – only if using TLS/SSL)
c) Admin server port (9830 by default)
Run the netstat command to see which ports are listening:
[root@centos62 ~]# netstat -plunt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1105/sshd
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      1140/postmaster
tcp        0      0 0.0.0.0:9830            0.0.0.0:*               LISTEN      1415/httpd.worker
tcp        0      0 :::22                   :::*                    LISTEN      1105/sshd
tcp        0      0 ::1:5432                :::*                    LISTEN      1140/postmaster
tcp        0      0 :::389                  :::*                    LISTEN      1792/ns-slapd
Open the iptables firewall configuration file and allow ports 389, 636 and 9830 through the iptables firewall:
[root@centos62 ~]# vi /etc/sysconfig/iptables
Add these three lines:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 636 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9830 -j ACCEPT
Then restart the iptables firewall:
[root@centos62 ~]# service iptables restart
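As an added example (not from the original post), a small POSIX sh script that inserts the three rules into a rules file and keeps them above the INPUT chain's REJECT rule, because iptables walks a chain top to bottom and an ACCEPT placed below "-A INPUT -j REJECT" is never reached. The sample rules file is constructed and the function names are my own; the script works on a temporary copy, not on the live /etc/sysconfig/iptables.

```shell
# Added example, not from the original post. Inserts the three 389 DS ACCEPT
# rules above the INPUT REJECT line (appended below it they would be dead rules)
# and skips rules that are already present. SAMPLE_RULES is a constructed copy of
# a stock CentOS 6 /etc/sysconfig/iptables (assumption: your file may differ).
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# One ACCEPT rule for a TCP port, in the same form the post uses.
ds_rule() {
    printf '%s\n' "-A INPUT -m state --state NEW -m tcp -p tcp --dport $1 -j ACCEPT"
}

# add_ds_rules FILE PORT...: add a rule per port unless an identical line already
# exists, placing it just above the first INPUT REJECT (or COMMIT if there is none).
# Prints how many rules were added, so a second run reports 0.
add_ds_rules() {
    file=$1; shift
    added=0
    for port in "$@"; do
        rule=$(ds_rule "$port")
        grep -qxF -- "$rule" "$file" && continue
        awk -v r="$rule" \
            '!done && (/^-A INPUT -j REJECT/ || /^COMMIT/) { print r; done=1 } { print }' \
            "$file" > "$file.tmp" && mv "$file.tmp" "$file"
        added=$((added + 1))
    done
    echo "$added"
}

# Ordering check: number of --dport ACCEPT rules that sit above the INPUT REJECT.
accept_rules_before_reject() {
    awk '/^-A INPUT -j REJECT/ { exit } /--dport .* -j ACCEPT/ { n++ } END { print n+0 }' "$1"
}

tmp=$(mktemp)
printf '%s\n' "$SAMPLE_RULES" > "$tmp"
add_ds_rules "$tmp" 389 636 9830      # prints 3
add_ds_rules "$tmp" 389 636 9830      # prints 0: rules already present
cat "$tmp"                            # review, then copy into /etc/sysconfig/iptables
```

After copying the reviewed file into place, "service iptables restart" loads it as in the post.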