This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
surajshinde
Contributor
‎2021-06-03 07:25 AM
Jump to solution

Unable to delete LDAP Account Unit.

Dear Team,

In preset we have multiple LDAP account Unit and we want delete it and create single unit with multiple AD sever with setting of " User Directory" .

We have Achieved it but unable to delete old LDAP account unit. it is showing Error"  Object is Used by policy or by other object". Please find attached error screen shot. 

Where as we removed it from all other object and policy. we have check with it "View Details" noting is showing.

How can i delete this LDAP account unit?

Check Point Manager : R81 take 23

Gateway: R81 take 13

LDAP_OBJ_Delete_error.JPG
Preview file
25 KB
0 Kudos
1 Solution

Accepted Solutions
surajshinde
Contributor
‎2021-06-05 12:38 AM
In response to Tobias_Moritz
Jump to solution

Hello Tobias_Moritz,

Thank You...!

It worked. I have checked in GuiDBedit Database and that object "ad_group_IT_Users" was there. I have verify & delete this object.

After this object deletion, i am able to delete LDAP account unit that belongs to this object. 

View solution in original post

0 Kudos
5 Replies
Wolfgang
Authority
Authority
‎2021-06-03 11:34 AM
Jump to solution

@surajshinde  right click on the LDAP-AccountUnit and use „where used“. Then you know from where to have to remove the object.

As the messages states, objectors in use in another configuration. There it should be removed before deleting.

surajshinde
Contributor
‎2021-06-04 12:07 AM
In response to Wolfgang
Jump to solution

When we tried to check " where used" it showing empty. PFA. 
Is there any latent way to identify where it is used from CLI.

object.JPG
Preview file
29 KB
0 Kudos
surajshinde
Contributor
‎2021-06-04 02:47 AM
In response to surajshinde
Jump to solution

Dear Team,

I have checked in Smart Dash board and found one entry. PFA. But unable to delete that object.

Also this object not find through Smart console.

How can i delete. 

 

smartDashboard.JPG
Preview file
98 KB
0 Kudos
Tobias_Moritz
Advisor
‎2021-06-04 06:38 AM
In response to surajshinde
Jump to solution

I guess you have an Access Role in your database which still references to this AD group object while this AD group object references to the LDAP Account Unit you want to delete. Use CPMI (GuiDBedit for example) to search for this object (ad_group_IT_Users).

When you found the Access Role(s) which use(s) this ad group object, remove the ad group from this Access Role object(s) using SmartConsole. After that (at least after publish and install database), try to remove the LDAP Account unit again.

If it is still saying it is in use, then use GuiDBedit to search for other references for the LDAP Account Unit, SmartConsole is not able to find with its where-used feature.

The main problem here it, that SmartConsoles where-used feature cannot display all references of all objects. CPMI usually can.

surajshinde
Contributor
‎2021-06-05 12:38 AM
In response to Tobias_Moritz
Jump to solution

Hello Tobias_Moritz,

Thank You...!

It worked. I have checked in GuiDBedit Database and that object "ad_group_IT_Users" was there. I have verify & delete this object.

After this object deletion, i am able to delete LDAP account unit that belongs to this object. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top