diff --git a/ansible/roles/iptables/templates/iptables.j2 b/ansible/roles/iptables/templates/iptables.j2
index 4a657ab80..f203dd15c 100644
--- a/ansible/roles/iptables/templates/iptables.j2
+++ b/ansible/roles/iptables/templates/iptables.j2
@@ -176,6 +176,11 @@
 -A INPUT -m state --state NEW -m tcp -p tcp -s {{ net.wifi }} --dport 443 -j ACCEPT
 {% endif %}
 
+{% if inventory_hostname in groups['ldap'] %}
+-A INPUT -m state --state NEW -m tcp -p tcp -s 172.0.0.0/8 --dport 389 -j ACCEPT
+-A INPUT -m state --state NEW -m tcp -p tcp -s 152.54.0.0/16 --dport 389 -j ACCEPT
+{% endif %}
+
 -A INPUT -j REJECT --reject-with icmp-host-prohibited
 -A FORWARD -j REJECT --reject-with icmp-host-prohibited
 COMMIT
diff --git a/tools/sharkbait/resources/grouper.client.properties b/tools/sharkbait/resources/grouper.client.properties
index fd795e135..6b597f45c 100644
--- a/tools/sharkbait/resources/grouper.client.properties
+++ b/tools/sharkbait/resources/grouper.client.properties
@@ -13,4 +13,4 @@
 ## LDAP connection settings
 ########################################
-grouperClient.config.hierarchy = classpath:grouper.client.base.properties, classpath:grouper.client.properties, file:/etc/grouper/client.properties
+grouperClient.config.hierarchy = classpath:grouper.client.base.properties, classpath:grouper.client.properties
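Review bot: The first added rule uses `-s 172.0.0.0/8`, which is not the RFC 1918 private block (that is 172.16.0.0/12) and takes in a large amount of publicly routed address space, so port 389 on the ldap hosts is opened to far more than an internal network. If the private range was intended, the rule should read `-A INPUT -m state --state NEW -m tcp -p tcp -s 172.16.0.0/12 --dport 389 -j ACCEPT`, or something narrower that matches the actual client subnets. Both sources are also hard-coded, while the rule just above takes its source from `{{ net.wifi }}`; keeping the LDAP client ranges in the same variable mapping would put the allow-list in one reviewable place. Port 389 is plain LDAP, so unless StartTLS is enforced on the server, binds from these ranges travel in cleartext. A template comment naming the clients that need this access would help the next reviewer.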
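Review bot: Dropping `file:/etc/grouper/client.properties` from `grouperClient.config.hierarchy` leaves only classpath resources, so any host-specific override now has to ship with the tool itself. If the removed file was where connection passwords or other per-deployment values lived (not visible in this hunk), those values would end up in the repository copy of `grouper.client.properties`. A comment above the line such as `# no file: overlay here; keep credentials out of this classpath copy` would make the expectation explicit. The setting also sits under the `## LDAP connection settings` banner although it configures the config hierarchy, which is worth correcting in the same change.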