https://community.checkpoint.com/t5/General-Topics/LDAP-queries-not-working/m-p/116518#M21676 <P>&nbsp;</P><P>hi,</P><P>I have encountered a somewhat strange error regarding ldap queries.</P><P>After replacing hardware on two clusters, to new appliances and lifting them from R77.30 to R80.40,&nbsp;</P><P>we see now that ldap is not working anymore.</P><P>This has two major impacts:</P><P>1. logs are not populated</P><P>2. remote access is not working as intended.</P><P>&nbsp;</P><P>For remote access, we see that users are authenticated with generic* user. Tcpdump show us that ldap search request is sent, but it completely disregards the branches defined in ldap account unit, and only searches the last two DC=xxxx,DC=xxxx parts. Therefore, we see the ldap server send an error code 10, which means that the user is not found.</P><P>The customer still has a remote access cluster on R77.30, where it works just fine, and we also tested on a backup site running R80.20. There we see succesful ldap authentication when logging on with vpn client.</P><P>There has been no other changes done here, so im struggling to see why this would suddenly stop to work, just because we switched hardware and software version.</P><P>&nbsp;</P><P>I have a tac case going, but its progressing slowly, so was wondering if anyone in the community here has encountered anything similar,</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 21 Apr 2021 10:58:15 GMT KM1895 2021-04-21T10:58:15Z https://community.checkpoint.com/t5/General-Topics/LDAP-queries-not-working/m-p/116518#M21676 <P>&nbsp;</P><P>hi,</P><P>I have encountered a somewhat strange error regarding ldap queries.</P><P>After replacing hardware on two clusters, to new appliances and lifting them from R77.30 to R80.40,&nbsp;</P><P>we see now that ldap is not working anymore.</P><P>This has two major impacts:</P><P>1. logs are not populated</P><P>2. remote access is not working as intended.</P><P>&nbsp;</P><P>For remote access, we see that users are authenticated with generic* user. Tcpdump show us that ldap search request is sent, but it completely disregards the branches defined in ldap account unit, and only searches the last two DC=xxxx,DC=xxxx parts. Therefore, we see the ldap server send an error code 10, which means that the user is not found.</P><P>The customer still has a remote access cluster on R77.30, where it works just fine, and we also tested on a backup site running R80.20. There we see succesful ldap authentication when logging on with vpn client.</P><P>There has been no other changes done here, so im struggling to see why this would suddenly stop to work, just because we switched hardware and software version.</P><P>&nbsp;</P><P>I have a tac case going, but its progressing slowly, so was wondering if anyone in the community here has encountered anything similar,</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 21 Apr 2021 10:58:15 GMT https://community.checkpoint.com/t5/General-Topics/LDAP-queries-not-working/m-p/116518#M21676 KM1895 2021-04-21T10:58:15Z https://community.checkpoint.com/t5/General-Topics/LDAP-queries-not-working/m-p/116737#M21707 <P>Try using the ldapsearch command manually to see what happens as a troubleshooting step.<BR /><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk55040" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk55040</A></P> Fri, 23 Apr 2021 17:42:39 GMT https://community.checkpoint.com/t5/General-Topics/LDAP-queries-not-working/m-p/116737#M21707 PhoneBoy 2021-04-23T17:42:39Z