Troubleshooting guide
Chapter 8 Troubleshooting LDAP Servers and the AMC Configuration Issues
Advanced Technical Reference Guide 4.1 • June 2000 84
• Member
• objectclass
These indexes reduce lookup time, but there is a trade-off between faster lookups and the extra disk space
needed to store the additional indexes. (See Known limitation for search-related issues.)
Schema Checking
The LDAP schema is a description of the structure of the data in an LDAP directory.
Each LDAP server should have instructions regarding the way to set the VPN-1/FireWall-1 Schema.
When schema checking is enabled, LDAP requires that every object class and its associated attributes be
defined in the directory schema.
When you first begin to use VPN-1/FireWall-1 Account Management, you should confirm that schema
checking is enabled (you can check the error logs to see if there is anything wrong with the schema).
Each LDAP server has its own way of setting the VPN-1/FireWall-1 schema. Schema configuration issues are the
most frequently encountered LDAP issues.
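The check described above, as an added example (not Check Point or LDAP server code): with schema checking enabled, an entry is rejected if it names an undefined object class, lacks a required attribute, or carries an attribute no listed class allows. The schema, the LDIF entries and the exampleFw* names are constructed placeholders, not the real VPN-1/FireWall-1 schema.

```python
# Constructed, simplified schema: object class -> (MUST attributes, MAY attributes).
# "examplefwperson" is a hypothetical stand-in for a vendor class.
SCHEMA = {
    "top": ({"objectclass"}, set()),
    "person": ({"cn", "sn"}, {"userpassword", "description"}),
    "examplefwperson": (set(), {"exampleauthmethod"}),
}

# Constructed LDIF: the first entry conforms, the second does not.
SAMPLE_LDIF = """\
dn: cn=alice,o=example
objectclass: top
objectclass: person
objectclass: exampleFwPerson
cn: alice
sn: Smith
exampleAuthMethod: password

dn: cn=bob,o=example
objectclass: top
objectclass: person
objectclass: exampleFwTemplate
cn: bob
exampleExpiry: 20001231
"""

def parse_ldif(text):
    """Parse simple LDIF (no folding, no base64) into (dn, {attr: [values]}) pairs."""
    entries = []
    for block in text.strip().split("\n\n"):
        dn, attrs = None, {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            if name.strip().lower() == "dn":
                dn = value.strip()
            else:
                attrs.setdefault(name.strip().lower(), []).append(value.strip())
        entries.append((dn, attrs))
    return entries

def check_entry(attrs, schema):
    """Return the violations that schema checking would report for one entry."""
    errors, must, allowed, present = [], set(), set(), set(attrs)
    for oc in attrs.get("objectclass", []):
        if oc.lower() not in schema:
            errors.append(f"undefined object class: {oc}")
            continue
        required, optional = schema[oc.lower()]
        must |= required
        allowed |= required | optional
    errors += [f"missing required attribute: {a}" for a in sorted(must - present)]
    errors += [f"attribute not allowed: {a}" for a in sorted(present - allowed)]
    return errors

def check_ldif(text, schema=SCHEMA):
    return {dn: check_entry(attrs, schema) for dn, attrs in parse_ldif(text)}
```

Running check_ldif(SAMPLE_LDIF) returns an empty list for the first entry and three violations for the second, the kind of rejection that shows up in the server error log when the vendor schema has not been loaded.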
See the following Solutions in the Check Point Technical Services site:
• How to access the FireWall-1 LDAP schema (Solution ID: 55.0.1120086.2568794) in the Check Point
Technical Services site
• See the instructions for how to set the VPN-1/FireWall-1 Schema on NDS
See the following solutions for VPN-1/FireWall-1 Schema Issues in the Check Point Technical Services
SecureKnowledge:
• How to use LDAP without implementing the VPN-1/FireWall-1 Schema on the LDAP Server? (Solution
ID: 10043.0.460391.2521903)
For more configuration issues, see the following solutions:
• Is filter used by VPN-1/FireWall-1 when searching the ldap directory for user groups adjustable? (Solution
ID: 10043.0.5520134.2585567)
• How to create a new Netscape LDAP Server on Netscape LDAP 3.x? (Solution ID:
10022.0.1178630.2444127)
This applies to AMC version AMC127 and above.
Ensuring compatibility between the AMC and the specific LDAP server
You may need to edit the AMC.properties file to ensure compatibility between the AMC and the
specific LDAP server.
The following properties are defined in the AMC.properties file located in the
Properties/CheckPoint/Account Management/ directory.
Table 1: AMC.properties
AMC Property Meaning