I have a newly installed ZCS running behind a firewall with a split-dns setup. Currently everything works perfectly. I have opened up the SMTP, HTTPS, and IMAP SSL ports in my firewall and external access works.
I would like to open up the LDAP port on my firewall but I have read that the default configuration of Zimbra allows anybody to read the LDAP data. I have received some cryptic answers in another, related thread, about changing slapd.conf to limit connections to SSL and to require authentication to gain access.
I looked at the slapd.conf file and there is some commented out "access to" lines that are described as setting up authenticated access but I'm not sure if I after uncommenting those, if I need to comment out the other "access to" lines.
Can somebody provide a sample slapd.conf file that configures the LDAP server to only allow SSL encrypted connections that require the user to authenticate? Once I get that, then I can open the LDAP port on my firewall and external users can access the GAL without a VPN.