Re: Global Domain Install database

Maarten_Sjouw · ‎2019-10-22

I'm currently working on getting the AD authentication working on our MDS and I have been able to setup the AD LDAP account unit in our Global domain.

However the connection is not working the way it should, when I try to change anything in the account unit, I can Publish the changes but in the end I know it does not take any effect. There was a mentioning that the Install Database was automatic when you close the SmartConsole to the Global domain, however this also does not seem to work.

Example of a change was to change the access to the AD servers from plain LDAP (389) to LDAPS (636). Using tcpdump to see what was sent to the AD server revealed in before and after traces that 389 was used all the time. Not even an attempt to use 636 instead.

Anybody any Ideas?

Regards, Maarten

PhoneBoy · ‎2019-10-24

Going to ask a dumb question here: can you do an Install Database manually in the Global Domain?

Maarten_Sjouw · ‎2019-10-24

I wish I could, that would instantly solve issue, the problem also goes for globally installed SmartEvent servers, there I know it works by closing the Smartconsole.
However for AD configuration that just does not work.

Regards, Maarten

PhoneBoy · ‎2019-10-24

Is there just no GUI option for it?
What about fwm dbload on the CLI?

Maarten_Sjouw · ‎2019-10-24

Indeed there is no GUI option in the Global domain. Never tried the cli command, it's worth a try.

Regards, Maarten

Kaspars_Zibarts · ‎2019-11-06

Click to Expand

All I remember is that we tried to use AD LDAP account unit created in Global domain in local domains for IA but it never worked and there was a thread somewhere here about it.. can't find it anymore

CheckPointerXL · ‎2024-06-04

hello Zib

is this limitation still valid? i'm tying to do same thing, but i got:

An error was detected while trying to authenticate against the AD server.
It may be a problem of bad configuration or connectivity.
Please refer to the troubleshooting guide for more help

same LDAP AU configured locally, instead, it works

Kaspars_Zibarts · ‎2024-06-04

I'm afraid I have left my last employer and have no ability to confirm 100% but I doubt that you can connect from Global Domain. You should wait till Q3 when big news are coming regarding IA. @Royi_Priov are there any public materials available already now about those? I don't want to steal the thunder 🙂

CheckPointerXL · ‎2024-06-04

thanks or your reply!

my question of course is, what is useful global LDAP AU for? it seems they cannot work properly..

anyway, from logs, i can see that FW queries by LDAP the AD inside the Global LDAP AU, but no answer....

Kaspars_Zibarts · ‎2024-06-04

Discussion here is about using Global Domain within CP Multi Domain Management environment. Seems like you are mixing it up with AD AU?

If you are using MDM to manage large single organisation, than ability to use Global Domain would remove the need to connect every single management domain (aka CMA) to AD separately.

CheckPointerXL · ‎2024-06-05

ok sorry for the wrong thread

anyway the goal here is to use Global LDAP AU from FW to perform the ldap queries to AD, and this is what is not working here

TAC Case just opened

ty

Are you a member of CheckMates?

Global Domain Install database