This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Us4r
Contributor
‎2020-04-17 01:54 AM

Scheduled AD-Group Membership sync with PDP

Hello,

 

at the moment I'm testing Identity Awareness with LDAP-Group Memebership Access Roles.

 

When I add / remove one user from a specfic LDAP - Group which is linked to a Access Role it takes a long time before the gateway notfies about that group membership change (~90mins).

 

I know that group membership think on checkpoint side can be manually started on the shell with the command "pdp update all".

This works as expected.

Does anybody know if I can globally change this auto - sync to a lower value or do I need something like a cron job for this?

 

Regards

 

Florian

1 Reply
Wolfgang
Authority
Authority
‎2020-04-17 05:56 AM

Florian,

If your LDAP-groups are referencing to ActiveDirectory-groups, then use the ActiveDirectory-groups in your accessrole-object instead of the LDAP-groups.
Which release are you running? There are known problems with the membership, but they are mostly solved since R80.10.

Wolfgang

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events