Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
SAROU237
Explorer

User directory

In user directory :

 

User Directory lets you configure:

  • "Mutiple account unit" An account unit, is it a group of user?  Exemple: group of user in service marketing

  •  Decide how many Account Units you will need. "
  • "You can have one for each User Directory server, or you can divide branches of one User Directory server among different Account Units. " do you have an example ?

Thank you

0 Kudos
Reply
3 Replies
PhoneBoy
Admin
Admin

When you query an LDAP server (usually but not always Active Directory), you generally query a specific part of its hierarchy.
In Check Point, this is defined as part of the Account Unit (AU).
You may need to query more than one set of servers or a different part of the hierarchy on the same servers.
In either case, you would create a different AU to accommodate.

LDAP Groups are specific to an AU since they refer to a specific part of the hierarchy.

I believe there are examples in the documentation.

0 Kudos
Reply
SAROU237
Explorer

is account unit information like name,company, country?

we can query the ldap without creating account unit. so why do we need To create that ? please give me an example

0 Kudos
Reply
PhoneBoy
Admin
Admin

If you want to integrate with Active Directory at all, you need to create one or more Account Units that refers to the relevant branches of the directory.
The relevant branch(es) is/are highly specific to the directory in question.
The following might be helpful: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solu...
I also highly recommend reading the Security Management and Identity Awareness guides for the relevant version of code you're running.

0 Kudos
Reply