KM1895
Participant

LDAP queries not working


hi,

I have encountered a somewhat strange error regarding ldap queries.

After replacing the hardware on two clusters with new appliances and lifting them from R77.30 to R80.40, we now see that LDAP is not working anymore.

This has two major impacts:

1. Logs are not populated.

2. Remote access is not working as intended.

For remote access, we see that users are authenticated with the generic* user. tcpdump shows us that an LDAP search request is sent, but it completely disregards the branches defined in the LDAP account unit and only searches the last two DC=xxxx,DC=xxxx parts. Therefore, we see the LDAP server send error code 10, which means that the user is not found.

The customer still has a remote access cluster on R77.30, where it works just fine, and we also tested on a backup site running R80.20. There we see successful LDAP authentication when logging on with the VPN client.

There have been no other changes here, so I'm struggling to see why this would suddenly stop working just because we switched hardware and software version.

I have a TAC case going, but it's progressing slowly, so I was wondering whether anyone in the community here has encountered anything similar.
1 Reply
PhoneBoy
Admin

Try using the ldapsearch command manually to see what happens as a troubleshooting step.
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

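Before reaching for ldapsearch, it is worth pulling the exact base DN, scope and filter out of the SearchRequest that tcpdump captured and reading the server's SearchResultDone properly. The following is an added example, not code from the thread or from Check Point: a minimal BER walker for the RFC 4511 fields that matter here, run over constructed sample PDUs (the domain, branch DNs, user name and referral URI are made up for illustration). It also checks whether the base the gateway actually used is one of the configured account-unit branches or sits above them, which is the symptom described in the post. One caveat the decoder makes explicit: in RFC 4511 result code 10 is referral, while "no such object" is code 32.

```python
# Added example (not from the post): decode the LDAP SearchRequest and
# SearchResultDone PDUs seen in a capture and compare the search base with
# the branches configured on the LDAP account unit.
# All sample PDUs, DNs and host names below are constructed for illustration.

# Result codes from RFC 4511 section 4.1.9 (subset). 10 is referral;
# "no such object" is 32.
RESULT_CODES = {0: "success", 1: "operationsError", 10: "referral",
                32: "noSuchObject", 49: "invalidCredentials"}
SCOPES = {0: "baseObject", 1: "singleLevel", 2: "wholeSubtree"}

# Branches on the (hypothetical) LDAP account unit.
BRANCHES = ["OU=VPN Users,OU=Corp,DC=example,DC=com",
            "OU=Admins,DC=example,DC=com"]

# Constructed SearchRequest (messageID 2): base is the domain root, not a branch.
SAMPLE_SEARCH_REQUEST = (
    b"\x30\x41"                    # LDAPMessage SEQUENCE, 65 bytes
    b"\x02\x01\x02"                # messageID 2
    b"\x63\x3c"                    # [APPLICATION 3] SearchRequest, 60 bytes
    b"\x04\x11DC=example,DC=com"   # baseObject (17 bytes)
    b"\x0a\x01\x02"                # scope wholeSubtree
    b"\x0a\x01\x00"                # derefAliases neverDerefAliases
    b"\x02\x01\x00"                # sizeLimit 0
    b"\x02\x01\x00"                # timeLimit 0
    b"\x01\x01\x00"                # typesOnly FALSE
    b"\xa3\x16"                    # filter: equalityMatch [3], 22 bytes
    b"\x04\x0esAMAccountName"      # attributeDesc (14 bytes)
    b"\x04\x04jdoe"                # assertionValue
    b"\x30\x00"                    # attributes: empty list
)

# Constructed SearchResultDone (messageID 2): resultCode 10 plus a referral URI.
SAMPLE_SEARCH_RESULT_DONE = (
    b"\x30\x38"                    # LDAPMessage SEQUENCE, 56 bytes
    b"\x02\x01\x02"                # messageID 2
    b"\x65\x33"                    # [APPLICATION 5] SearchResultDone, 51 bytes
    b"\x0a\x01\x0a"                # resultCode 10 (referral)
    b"\x04\x00"                    # matchedDN ""
    b"\x04\x00"                    # diagnosticMessage ""
    b"\xa3\x2a"                    # referral [3], 42 bytes
    b"\x04\x28ldap://dc1.example.com/DC=example,DC=com"
)


def _read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the BER TLV starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def parse_ldap_message(pdu):
    """Decode a SearchRequest or SearchResultDone LDAPMessage into a dict."""
    tag, body, _ = _read_tlv(pdu, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, msgid, p = _read_tlv(body, 0)
    op_tag, op, _ = _read_tlv(body, p)
    out = {"messageID": int.from_bytes(msgid, "big")}
    if op_tag == 0x63:                     # SearchRequest
        _, base, p = _read_tlv(op, 0)
        _, scope, p = _read_tlv(op, p)
        for _ in range(4):                 # derefAliases, sizeLimit, timeLimit, typesOnly
            _, _, p = _read_tlv(op, p)
        ftag, f, p = _read_tlv(op, p)
        if ftag == 0xA3:                   # equalityMatch: (attr=value)
            _, attr, q = _read_tlv(f, 0)
            _, val, _ = _read_tlv(f, q)
            filt = "(%s=%s)" % (attr.decode(), val.decode())
        else:
            filt = "<filter tag 0x%02x>" % ftag
        out.update(op="searchRequest", baseObject=base.decode(),
                   scope=SCOPES.get(scope[0], "?"), filter=filt)
    elif op_tag == 0x65:                   # SearchResultDone
        _, code, p = _read_tlv(op, 0)
        _, matched, p = _read_tlv(op, p)
        _, _diag, p = _read_tlv(op, p)
        referrals = []
        if p < len(op):
            rtag, ref, _ = _read_tlv(op, p)
            q = 0
            while rtag == 0xA3 and q < len(ref):
                _, uri, q = _read_tlv(ref, q)
                referrals.append(uri.decode())
        out.update(op="searchResultDone", resultCode=code[0],
                   result=RESULT_CODES.get(code[0], "unknown"),
                   matchedDN=matched.decode(), referrals=referrals)
    else:
        out.update(op="unsupported 0x%02x" % op_tag)
    return out


def normalize_dn(dn):
    return ",".join(part.strip().lower() for part in dn.split(","))


def base_matches_branches(base, branches):
    """True if the captured base DN is exactly one of the account-unit branches."""
    nb = normalize_dn(base)
    return any(nb == normalize_dn(b) for b in branches)


def base_is_above_branches(base, branches):
    """True if the gateway searched from an ancestor of the branches (e.g. domain root)."""
    nb = normalize_dn(base)
    return any(normalize_dn(b).endswith("," + nb) for b in branches)


if __name__ == "__main__":
    req = parse_ldap_message(SAMPLE_SEARCH_REQUEST)
    res = parse_ldap_message(SAMPLE_SEARCH_RESULT_DONE)
    print("request :", req)
    print("response:", res)
    print("base is a configured branch:", base_matches_branches(req["baseObject"], BRANCHES))
    print("base is above the branches :", base_is_above_branches(req["baseObject"], BRANCHES))
```

Feed it the hex of the LDAP payload from the capture and compare the decoded base DN and filter with what an OpenLDAP-style `ldapsearch -x -H ldap://<server> -D "<bind DN>" -W -b "<branch DN>" "(sAMAccountName=<user>)"` returns when you run it against each configured branch by hand. If the manual search with the branch as `-b` finds the user while the gateway's request uses only the domain root, the account-unit branch configuration is the thing to compare between the R77.30 and R80.40 objects; if the server answers code 10 with a referral URI, it is redirecting rather than reporting the user as missing.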