Identities are not saved on PDP because the LDAP SSL fingerprint is not matched
Technical Level
Solution ID: sk127833
Product: Identity Awareness
Version: R80.10, R80.20
OS: Gaia
Date Created: 27-May-2018
Last Modified: 07-May-2019
Symptoms
The user configured LDAP account unit servers to work with SSL.
Although the SSL fingerprint was changed on the server, it was not updated in SmartConsole.
The following error appears in the PDP debug:
@ . . . [Date & Time] ldap_ctx_fingerprint_check: ldap_async: SSL finger print does not match
Cause
AD Query sometimes requires a specific server to resolve LDAP group membership. If the SSL fingerprint verification fails, failover to another server does not occur.
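To find which account unit server is presenting a certificate that no longer matches the stored fingerprint, the following added example (not Check Point code) compares each server's current LDAPS certificate against the recorded value. The host names, port 636, the function names and the assumption that the stored fingerprint is an MD5, SHA-1 or SHA-256 hex digest of the certificate are all illustrative assumptions.

```python
import hashlib
import hmac
import ssl

# Assumption: the stored fingerprint is a hex digest under one of these algorithms.
ALGORITHMS = ("md5", "sha1", "sha256")

def normalize(fp):
    """Reduce 'AA:BB cc' style fingerprints to bare lowercase hex."""
    return "".join(c for c in fp.lower() if c in "0123456789abcdef")

def matching_algorithm(der, stored):
    """Return the digest name under which `stored` matches the DER certificate, else None."""
    want = normalize(stored)
    for alg in ALGORITHMS:
        if hmac.compare_digest(hashlib.new(alg, der).hexdigest(), want):
            return alg
    return None

def fetch_der(host, port=636):
    """Fetch the certificate the LDAPS listener presents right now (chain is not validated)."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))

def check_servers(stored_by_host, fetch=fetch_der):
    """Per server: the matching digest name, 'MISMATCH', or 'UNREACHABLE'."""
    report = {}
    for host, stored in stored_by_host.items():
        try:
            report[host] = matching_algorithm(fetch(host), stored) or "MISMATCH"
        except OSError:  # covers socket errors and ssl.SSLError
            report[host] = "UNREACHABLE"
    return report

if __name__ == "__main__":
    # Constructed data: two hypothetical servers; dc2's certificate was replaced.
    certs = {
        "dc1.example.test": b"constructed-cert-1",
        "dc2.example.test": b"constructed-cert-2-new",
    }
    stored = {
        "dc1.example.test": hashlib.sha256(b"constructed-cert-1").hexdigest(),
        "dc2.example.test": hashlib.sha256(b"constructed-cert-2-old").hexdigest(),
    }
    for host, status in check_servers(stored, fetch=certs.__getitem__).items():
        print(host, status)
```

A MISMATCH on any single server is significant here because, per the Cause above, failover to another server does not occur when the fingerprint verification fails.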