Troubleshooting guide

Chapter 8 Troubleshooting LDAP Servers and the AMC Working with the AMC
Advanced Technical Reference Guide 4.1 June 2000 88
changetype: delete
control-d to end the input
5. The following message appears:
deleting entry ou=name,o=name
6. Close and restart AMC to reflect the changes.
Creating a Tree Object
If an “X” overlies a node in the tree, then one of the following conditions is true:
- It is defined in the slapd.conf file (on the LDAP Server) with the suffix parameter, but it does not exist in the LDAP directory.
- It is defined as a branch in the Account Unit, but is not defined in slapd.conf with the suffix parameter.
In the first case, you can create the object in the LDAP directory by:
- Right-clicking on it and choosing Create this Object from the menu, or
- Selecting it and choosing Create Tree Object from the File menu.
In the second case, the object cannot be created with the Account Management Client, because it must already be present in slapd.conf.
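The two “X” conditions above can be checked outside the AMC by comparing the suffix lines in slapd.conf with the Account Unit branches and the entries that exist in the directory. The following Python script is an added example, not part of this guide or of any Check Point tool; the function names are hypothetical, the sample slapd.conf text, branch list and entry list are constructed, and it assumes suffix values are written one per line, optionally in double quotes.

```python
import re

# Constructed sample inputs (not from the guide).
SLAPD_CONF = '''\
# root branches served by this LDAP server
database ldbm
suffix "o=name"
suffix "o=Other, c=US"
#suffix "o=old"
'''
ACCOUNT_UNIT_BRANCHES = ["o=name", "o=Partners"]  # branches listed in the Account Unit
DIRECTORY_ENTRIES = ["O=Name"]                    # DNs that actually exist on the server

def norm_dn(dn):
    """Lowercase a DN and drop spaces around ',' and '=' (escaped commas not handled)."""
    rdns = [rdn.strip() for rdn in dn.strip().strip('"').split(",")]
    return ",".join("=".join(p.strip() for p in rdn.split("=", 1)).lower() for rdn in rdns)

def slapd_suffixes(conf_text):
    """Return the normalized DNs of all 'suffix' directives; '#' comment lines never match."""
    found = set()
    for line in conf_text.splitlines():
        m = re.match(r"suffix\s+(\S.*)$", line)
        if m:
            found.add(norm_dn(m.group(1)))
    return found

def classify(branches, suffixes, existing):
    """Label every tree node with the condition that would put an X over it, or 'ok'."""
    suffixes = {norm_dn(s) for s in suffixes}
    existing = {norm_dn(e) for e in existing}
    report = {}
    for dn in {norm_dn(b) for b in branches} | suffixes:
        if dn not in suffixes:
            # Second case: branch in the Account Unit without a suffix in slapd.conf.
            report[dn] = "missing-suffix"
        elif dn not in existing:
            # First case: suffix in slapd.conf, entry absent; AMC can create it.
            report[dn] = "missing-entry"
        else:
            report[dn] = "ok"
    return report

if __name__ == "__main__":
    result = classify(ACCOUNT_UNIT_BRANCHES, slapd_suffixes(SLAPD_CONF), DIRECTORY_ENTRIES)
    for dn, state in sorted(result.items()):
        print(f"{dn:20} {state}")
```

A node reported as missing-entry can be created from the AMC as described above; a node reported as missing-suffix needs a suffix line added to slapd.conf on the LDAP Server first.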
Modifying slapd.conf (on the LDAP Server)
The slapd.conf file usually contains definitions of the root branches. You can modify the slapd.conf file in two ways:
- using any text editor
- using your LDAP Server’s configuration utility
Defining Users
Before creating a user, group, or organizational unit, be certain that Schema Checking is enabled. (Regarding the VPN-1/FireWall-1 schema, see Schema Checking, on page 84.)
Problem: LDAP groups cannot be created with the AMC (Account Management Client) when using the New Group icon (Solution ID: 10043.0.6499710.2614415 in the Check Point Technical Services site).
Workaround: Use the title bar, choose File New Group
The LDAP server
Important: Both the VPN-1/FireWall-1 and LDAP user databases cache users, so any change to a user's definition takes effect only after policy installation or cache timeout.
For example, if you delete a user from a group and only install the User Database, that user will still be allowed
access under Client Authentication rules.
When do the changes take effect?
If you make changes using the AMC, your changes will affect VPN-1/FireWall-1 only after one of the following happens: