
Need help connecting to LDAP please

LDAP AD active directory users

3 replies to this topic

#1 Bryce Contento


Posted 27 May 2015 - 02:00 PM

I've started setting up a trial account with ESS to see if it's going to work for us. I'm trying to get it to connect to my LDAP server, but it's failing with: Error: Unable to connect to subdomain.mydomain.com:389

That address points to a public IP address on my firewall that I have set up for NAT to the LDAP server in my network. I've also tried the public IP address of that server as well. Both fail. I've also tried to use LDAPS to no avail.

Is it safe to assume that it's not even getting to the authentication part of the process (looking up the Bind DN, etc)?

I know the LDAP server is alive and listening. I use Softerra LDAP Admin tool and it connects fine (inside my network as a local server), but I'm not familiar enough with this to figure out why it's not connecting outside the network. I would have thought it would come down to issues on my firewall, but I'm quite certain I have those rules set up correctly.

Is there some tool of some kind that I can use outside my network to give me a more clear indication as to where the breakdown is happening?

Thanks all.



#2 Michelle Exner

BSF / BESS Moderator

Posted 27 May 2015 - 02:11 PM

If the test says "unable to connect" that would indicate either a block at your mail server or router.

Please contact Barracuda Technical Support at 408.342.5300
We are available 24x7 to assist you in setting up your Barracuda Email Security Service.

Sincerely,

Michelle Exner
Product Lead Support Engineer
Barracuda Email Security
(408) 342-5300


#3 Bryce Contento


Posted 27 May 2015 - 02:36 PM

Wow. Never mind. I spent the entire day trying to work this out. Barracuda's setup docs clearly state the server IP range to be allowed through the firewall:

  • Open up your firewall ports to allow the IP address range 64.235.144.0/20 such that your LDAP and MS Exchange servers can communicate with the Barracuda Email Security Service.

I finally set up a packet monitor on my firewall, and the traffic coming from the ESS server is originating from 64.235.150.121.

Clearly, that's NOT in the range indicated in your docs. As soon as I changed the firewall NAT policies to reflect this IP range, voilà. It connected. Is this IP address difference something I need to be concerned with (like it's going to change to something else at some point)?



#4 Michelle Exner


Posted 05 June 2015 - 09:49 AM

Actually 64.235.150.121 is in our range.

Note the range is 64.235.144.0/20. That is not saying 0 through 20, but is 4096 addresses from 64.235.144.0 through 64.235.159.255.

Hope this helps.


Michelle Exner
Product Lead Support Engineer
Barracuda Email Security
(408) 342-5300
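
The CIDR arithmetic from the last reply, as an added example that is not part of the original thread or of Barracuda's documentation: it expands 64.235.144.0/20 with explicit bit masks and checks the source addresses in a packet-monitor log against it. The log format, the `SAMPLE_LOG` lines and the function names are constructed for illustration; only 64.235.150.121 and the /20 range come from the thread.

```python
import ipaddress
import re

ALLOWED = "64.235.144.0/20"  # range quoted from the setup docs in the thread

def cidr_bounds(cidr):
    """Return (first, last, count) as integers for an IPv4 CIDR block."""
    base, _, prefix = cidr.partition("/")
    prefix = int(prefix)
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length: {prefix}")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF  # /20 -> 255.255.240.0
    first = int(ipaddress.IPv4Address(base)) & mask      # clear the host bits
    last = first | (~mask & 0xFFFFFFFF)                  # set the host bits
    return first, last, last - first + 1

def in_cidr(ip, cidr):
    """True if ip is inside cidr; the suffix is a prefix length, not an octet range."""
    first, last, _ = cidr_bounds(cidr)
    return first <= int(ipaddress.IPv4Address(ip)) <= last

# Constructed packet-monitor lines (hypothetical format). Only the first source
# address is taken from the thread; the others probe the edges of the block.
SAMPLE_LOG = """\
ALLOW SRC=64.235.150.121 DST=192.0.2.10 DPT=389
DROP SRC=64.235.159.255 DST=192.0.2.10 DPT=636
DROP SRC=64.235.160.1 DST=192.0.2.10 DPT=389
DROP SRC=64.235.143.255 DST=192.0.2.10 DPT=389
DROP SRC=64.235.144.20 DST=192.0.2.10 DPT=25
"""

def audit(log_text, cidr, ports=(389, 636)):
    """Map each LDAP/LDAPS source address in the log to whether cidr covers it."""
    result = {}
    for m in re.finditer(r"SRC=(\S+) .*?DPT=(\d+)", log_text):
        src, port = m.group(1), int(m.group(2))
        if port in ports:
            result[src] = in_cidr(src, cidr)
    return result

if __name__ == "__main__":
    first, last, count = cidr_bounds(ALLOWED)
    print(ipaddress.IPv4Address(first), "-", ipaddress.IPv4Address(last), count)
    for src, ok in audit(SAMPLE_LOG, ALLOWED).items():
        print(src, "inside" if ok else "OUTSIDE", ALLOWED)
```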