This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.

Reject

Preferences

ABOUT CHECKMATES & FAQ Sign In

Products
Learn
Local User Groups
Partners
- Welcome Partners!
More

Products
Learn
Local User Groups
- Upcoming Events
- Americas
- EMEA
- APAC
  - Korea
  - Mongolia
  - Bangalore
  - Greater China
  - Australia/New Zealand
  - Philippines
  - Japan
  - Singapore
  - India
  - Thailand
  - Taiwan
  - Hong Kong
  - Indonesia
Partners
- Welcome Partners!
More
ABOUT CHECKMATES & FAQ
- About CheckMates & FAQ
- Community Guidelines
Sign In
Leaderboard
Events

May the 4th (+4)
Roadmap Session and Use Cases for
Cloud Security, SASE, and Email Security

SASE Masters:
Deploying Harmony SASE for a 6,000-Strong Workforce
in a Single Weekend

Paradigm Shifts: Adventures Unleashed!
Capture Your Adventure for a Chance to WIN!

Join the Photo Contest!

Mastering Compliance
Unveiling the power of Compliance Blade

WATCH NOW

CPX 2024 Content
is Here!

Get What You Need

Harmony SaaS
The most advanced prevention
for SaaS-based threats

LEARN MORE

CheckMates Go:
CPX 2024 Recap

LISTEN NOW

Turn on suggestions

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Showing results for

Search instead for

Did you mean:

Who rated this post

cancel

Turn on suggestions

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Showing results for

Search instead for

Did you mean:

Vladimir

Champion

‎2019-03-25 09:09 AM

Mark as New
Bookmark
Subscribe
Mute
Subscribe to RSS Feed
Permalink
Print
Report Inappropriate Content

AD User rights for LDAP Account Unit configuration used with Identity Collector

What are the AD user rights required for the LDAP Account Unit configuration when it is supposed to be used with Identity Collector?

In the Identity Collector configuration guide, it states:

Identity collector provides information about users, machines and IP addresses to the Security Gateway. LDAP Account Unit(s) should be configured to allow PDP gateways to perform group lookups on IDs that are provided from Identity Collector to match them to Access Roles.

But all the references to the LDAP Account Unit configuration describe the account as having Admin rights on the domain.

This contradicts the intended deployment model and I do not think it is necessary, if we are simply querying the AD group membership data.

0 Kudos

(1)

Back to post

Who rated this post

DanielNCorreia

Onlooker

Rating date: ‎2022-07-26

About CheckMates

Getting Started & FAQ
Community Guidelines
This Week in CheckMates

Learn Check Point

Check Point for Beginners
Check Point Trivia
CheckFlix Videos

Advanced Learning

Check Point Security Masters
Tip of the Week
TechTalks
Training and Certification

Resources

CheckMates Toolbox
Developers (Code Hub)
Product Announcements
Upcoming Events

Non-English Discussions

Español
French
Japanese
Português
Russian
Chinese

YOU DESERVE THE BEST SECURITY

We’re Social. Follow Us