Nested groups are not fetched on state 2
Solution ID: sk166199
Product: Identity Awareness
Version: R80.10, R80.20, R80.30, R80.40, R81
OS: Gaia
Date Created: 06-Apr-2020
Last Modified: 11-Jan-2021
Symptoms
- In Identity Awareness, some Access Policy rules that use Access Roles are not matched.
- The command 'pdp monitor user XXX' shows that the user's direct groups are fetched correctly, but nested groups are not fetched.
- The command 'pdp nested_groups status' shows "Enabled - mode 2".
- The LDAP query is sent over port 389 or 636.
- PDPD debug ('pdp debug set all all') shows a group search with an empty base DN:
[RootId = 74822] server = Server_name, Search[ dn = '', Params[ scope = 2, filter = '(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:=CN=User,CN=Users,DC=example,DC=com) )'
Cause
When the nested-group query is sent over port 389 or 636, the LDAP server expects the search request to carry a base distinguished name (base DN) from which to start the search. The Security Gateway does not send one, so the search with the 1.2.840.113556.1.4.1941 (matching-rule-in-chain) filter returns no nested groups.
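The following is an added example, not code from the sk article or from Check Point; the function and regex names are mine. It shows what a correctly formed nested-group search looks like for the user DN quoted in the debug line (base DN derived from the DC components, the same matching-rule-in-chain filter, with RFC 4515 escaping of the DN value), and a small check that flags the empty-base-DN symptom in a pdpd debug line.

```python
import re

# OID of Active Directory's LDAP_MATCHING_RULE_IN_CHAIN, as seen in the debug filter above.
IN_CHAIN = "1.2.840.113556.1.4.1941"

# Captures the base DN from the Search[ dn = '...' ] fragment of a pdpd debug line.
SEARCH_RE = re.compile(r"Search\[\s*dn\s*=\s*'([^']*)'")


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for a value embedded in an LDAP search filter."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def base_dn_from_user_dn(user_dn: str) -> str:
    """Derive the domain naming context (the DC=... tail) from a user's DN.
    The split ignores commas escaped with a backslash inside an RDN value."""
    rdns = re.split(r"(?<!\\),", user_dn)
    dcs = [r.strip() for r in rdns if r.strip().upper().startswith("DC=")]
    if not dcs:
        raise ValueError("user DN carries no DC components: %r" % user_dn)
    return ",".join(dcs)


def build_nested_group_search(user_dn: str) -> dict:
    """Return the search parameters a correct nested-group lookup would send:
    a non-empty base DN, subtree scope (2) and the matching-rule-in-chain filter."""
    flt = "(&(objectCategory=group)(member:%s:=%s))" % (IN_CHAIN, escape_filter_value(user_dn))
    return {"base_dn": base_dn_from_user_dn(user_dn), "scope": 2, "filter": flt}


def empty_base_dn(debug_line: str):
    """True if a pdpd debug Search[...] line shows an empty base DN (the symptom),
    False if it carries one, None if the line is not a Search line at all."""
    m = SEARCH_RE.search(debug_line)
    if m is None:
        return None
    return m.group(1) == ""


if __name__ == "__main__":
    # Sample line constructed from the debug output quoted in the Symptoms section.
    sample = ("[RootId = 74822] server = Server_name, Search[ dn = '', Params[ scope = 2, "
              "filter = '(&(objectCategory=group)(member:1.2.840.113556.1.4.1941:="
              "CN=User,CN=Users,DC=example,DC=com) )'")
    print("empty base DN in debug line:", empty_base_dn(sample))
    print(build_nested_group_search("CN=User,CN=Users,DC=example,DC=com"))
```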
Solution