Hllrdm
Participant

Identity Awareness Collector does not synchronize with the AD server

We encountered a problem that Identity Awareness Collector is not synchronizing the information with the AD server.
It does not automatically detect an account from the AD server that is in the LDAP group to the Access Group in the SmartConsole, so users cannot go online even though they are in the access group.
We enabled the #pdp idc groups_update on parameter and updated the user information with the #pdp update specific command, but no result.
For example, I log in to the workstation with my account and when I view #pdp monitor ip I see my user, then another user logs in to the same workstation and when I run #pdp monitor ip it shows my account and not the account of the new user.
How can we trawl this problem?
Maybe Identity Collector can increase synchronization interval with AD server and set it automatically? Maybe someone has encountered this problem and knows what command to enter to make this automation work. R81 cluster.

0 Kudos
3 Replies
PhoneBoy
Admin

0 Kudos
abihsot__
Advisor

Hmm, I was wondering what is the reason this is off by default on IDC (sk169120)? Does it mean that Check Point does not recommend having it ON for IDC?

 

Automatic LDAP Group Update -> AD-Query
Identity Awareness automatically recognizes changes to LDAP group membership and updates identity information, including Access Roles.
Is on by default.

Automatic LDAP Group Update -> Identity collector
Is off by default.

0 Kudos
PhoneBoy
Admin

Maybe @Royi_Priov can comment on why this is.

0 Kudos