You also need 2 more ports open for LDAP and Secure LDAP. I believe it
uses LDAP for authentication .