Setting up firewalld on CentOS 7 servers. They use LDAP for authentication over SSH login. Do I need to explicitly allow port 389 (LDAP) on the default zone in firewalld, or, because I've allowed SSH and the server will connect outbound to LDAP initially, will this not be required for the return inbound connection?
I'm not very familiar with LDAP. I suppose it would be possible that the server connecting to the LDAP server will only need to read the LDAP directory and the LDAP server won't need to send over any data on port 389?
Firewalld should allow related and established connections by default, which are connections that originate from your server and are getting a response. If the LDAP query is originating from the server, there should be no issues receiving the response from your LDAP server. Note that outbound connections usually originate from a different port than the one the service is listening on the other end, so your outbound LDAP query won't be using port 389 to communicate.
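As an added example (not from either post), a small shell check for a CentOS 7 box that is only an LDAP client: it reads a `firewall-cmd --zone=... --list-all` listing and flags an unnecessary inbound ldap/389 opening, and classifies `ss -tn` lines to show the outbound query leaves from an ephemeral port, so the reply is matched by conntrack state rather than a port rule. The zone listing and the `ss` line are constructed sample output, used when the real tools are not present.

```shell
# Added example. Returns 0 (true) if the zone listing on stdin exposes LDAP
# inbound via the ldap/ldaps service or a raw 389/636 port; an LDAP client
# does not need this, the default "ssh dhcpv6-client" set is enough.
inbound_ldap_exposed() {
    listing=$(cat)
    services=$(printf '%s\n' "$listing" | awk -F': *' '/^ *services:/ {print $2}')
    ports=$(printf '%s\n' "$listing" | awk -F': *' '/^ *ports:/ {print $2}')
    case " $services " in *" ldap "*|*" ldaps "*) return 0 ;; esac
    case " $ports " in *" 389/tcp "*|*" 636/tcp "*) return 0 ;; esac
    return 1
}

# Returns 0 if one `ss -tn` line (State Recv-Q Send-Q Local:Port Peer:Port)
# is a client-side LDAP connection: peer port 389, local port in the
# CentOS 7 default ephemeral range 32768-60999. The inbound reply to such a
# connection is accepted by firewalld's RELATED,ESTABLISHED conntrack rule.
is_client_side_ldap() {
    set -- $1
    lport=${4##*:}
    pport=${5##*:}
    [ "$pport" = 389 ] && [ "$lport" -ge 32768 ] && [ "$lport" -le 60999 ]
}

# Constructed sample output (stock CentOS 7 public zone; one LDAP query).
SAMPLE_LISTING='public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client ssh
  ports:
  rich rules:'
SAMPLE_SS='ESTAB 0 0 192.0.2.10:45128 192.0.2.20:389'

# Use live output where the tools exist, otherwise the constructed samples.
if command -v firewall-cmd >/dev/null 2>&1; then
    listing_src=$(firewall-cmd --zone="$(firewall-cmd --get-default-zone)" --list-all 2>/dev/null)
else
    listing_src=$SAMPLE_LISTING
fi
if printf '%s\n' "$listing_src" | inbound_ldap_exposed; then
    echo "zone opens LDAP inbound: not needed for an LDAP client, consider removing it"
else
    echo "zone does not expose LDAP inbound (ssh only is sufficient for a client)"
fi
if command -v ss >/dev/null 2>&1; then
    ss_lines=$(ss -tn 2>/dev/null | awk '$5 ~ /:389$/')
fi
printf '%s\n' "${ss_lines:-$SAMPLE_SS}" | while read -r line; do
    is_client_side_ldap "$line" && echo "outbound LDAP from ephemeral port: $line"
done
```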