Is the LDAP binding required?
Question asked by Neal Culiner - 8/16/2019 at 4:10 AM
I want to use the server that runs SmarterMail as a backup domain controller, and with port 389 in use by SM I can't set up the backup domain controller. I don't use Active Directory with SmarterMail; is it okay to delete the LDAP (389) binding, or is it used for anything else?

Sébastien Riccio Replied
I can't answer for ST, but as LDAP is an enterprise only feature, I would say it is only needed if you want to use LDAP auth within SmarterMail.

Disabling it/unbinding the port should have no effect on normal usage.

Hi Neal. If you're not using AD, then it's perfectly safe to delete the 389 LDAP port. You can add it back later if needed.

Paul R Replied
Think long and hard about running ANYTHING on a domain controller.  Running public services on a DC violates Best Practices.  If you install a service on a DC, and that service gets compromised, you could be putting your entire Directory Services architecture at risk, depending on the nature of the attack.

We won't even run an RODC that faces publicly, nor do we allow 3rd party vendors to authenticate (or otherwise) against our AD.  The risks far outweigh the rewards.

