Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Directory Service and DMZ

Messages: 7
Karma: 0
Send a private message to this user
I am having an issue with keeping a directory connection between my server and a client. If I run the auto-configure iCal installer inside or outside of my network I am able to auto complete addresses in iCal and use Apple's Directory Application to find users and resources. If I move my (or any user's) internally configured laptop outside the firewall, I lose directory access although the Directory Utility still shows a green light. If I issue a killall DirectoryServices at the command line while outside the firewall - lookups start working again. When I return to being inside the firewall, lookups fail again until I either restart or kill the DS again. If I configure a system outside of the firewall, directory lookups and autocomplete works fine - until I move back inside.

My server lives in a DMZ and has a different IP address internally and externally but DNS seems to be fine and everything else works. Is there a port that I am missing?

KMS 6.6.2 running on OS X Server 10.5.6.


Peter Martin
Goochland County Public Schools

Messages: 169
Karma: 0
Send a private message to this user
Perhaps there is a Network Address Translation (NAT) issue that is preventing the seamless movement between inside / outside your network.

It would seem logical that a particular address is being mapped (effectively "locked") for internal use on your client machine, which of course won't work externally, since you can no longer get direct access to that private IP of your KMS.

Perhaps you can do some HOST and nslookup commands (and similar such research) to see how your clients see the KMS internally, vs externally.



Messages: 520

Karma: 3
Send a private message to this user

Kerio uses the OS X Directory Util settings for those lookups.

You can access it via Terminal, and the dscl command.

>dscl localhost <enter>
> ls

 >cd LDAPv3/
/LDAPv3 > ls

Try to see if you can access the Directory that way, but I will assume not...

[Updated on: Wed, 22 April 2009 14:42]


Jakob Peterhänsel
Consultant - Humac A/S

Apple Certified Support Professional (ACSP)
Apple Certified Technical Coordinator (ACTC)
AppleSeed/CQF member since 1998
Kerio Messaging Partner
Previous Topic: Can a Resource be paired with a public calendar
Next Topic: Kerio, generic ldap, and 'extensions'
Goto Forum:

Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Thu Oct 19 14:50:02 CEST 2017

Total time taken to generate the page: 0.00371 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.