Understanding the behavior of querying multiple LDAP servers
Solution

Explanation about querying multiple LDAP servers:

  1. Proximity:

    1. Check Point software does not detect proximity of LDAP servers. Check Point software acts according to the configured servers' priorities. If the servers' priorities are configured according to proximity, then it will work as expected. The administrator can choose to configure priorities according to proximity.

      SmartConsole - 'Servers and OPSEC Applications' tab - Servers - LDAP Account Unit - LDAP Account Unit object - Properties - 'Servers' tab

    2. Check Point offers the flexibility to choose a different set of priorities for LDAP servers per Security Gateway, overriding the default Account Unit priorities at the Security Gateway level.

      SmartConsole - Security Gateway's object - open 'Other' - click on 'User Directory' / 'SmartDirectory (LDAP)' - under 'Account Units query' - check the box 'Selected Account Units list' - in the 'Selected AUs' list choose the relevant LDAP Account Units - under 'Servers priorities for selected AU' - uncheck the box 'Use default priorities' - set the priorities on the Security Gateway's level

    3. Check Point plans to introduce a future capability that recommends to the administrator the optimal priority configuration per Security Gateway, based on a proximity calculation.


  2. Round-robin:

    1. Round-robin in the same-priority servers list is not a load balancing method. It is just a method of choosing the next available LDAP server. Queries are distributed over the defined LDAP servers with the identical lowest priority.
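The selection behavior described in sections 1 and 2, as an added example: this is a simplified model written for this page, not Check Point code. It assumes that a smaller priority value is queried first and that a query falls through to the next priority value when no server in the preferred group is available; the server and gateway names are constructed.

```python
class AccountUnit:
    """Simplified model of LDAP server selection for one Account Unit."""

    def __init__(self, default_priorities):
        # server name -> priority value (assumption: smaller value is queried first)
        self.default = dict(default_priorities)
        self.overrides = {}   # gateway name -> {server: priority}
        self._cursor = {}     # gateway name -> round-robin position

    def set_gateway_priorities(self, gateway, priorities):
        """Models unchecking 'Use default priorities' on one Security Gateway."""
        self.overrides[gateway] = dict(priorities)

    def pick(self, gateway, available):
        """Return the server that the next query from `gateway` goes to, or None."""
        prio = self.overrides.get(gateway, self.default)
        up = [s for s in prio if s in available]
        if not up:
            return None
        best = min(prio[s] for s in up)
        # Servers sharing the preferred priority are simply rotated through.
        # Nothing here measures load, latency or proximity.
        tier = sorted(s for s in up if prio[s] == best)
        i = self._cursor.get(gateway, 0)
        self._cursor[gateway] = i + 1
        return tier[i % len(tier)]


def demo():
    # Constructed sample: two HQ servers share a priority, one branch server is lower.
    au = AccountUnit({"ldap-hq-1": 1, "ldap-hq-2": 1, "ldap-branch": 2})
    # The branch gateway overrides the defaults so its local server is preferred.
    au.set_gateway_priorities(
        "gw-branch", {"ldap-branch": 1, "ldap-hq-1": 2, "ldap-hq-2": 2})
    all_up = {"ldap-hq-1", "ldap-hq-2", "ldap-branch"}
    hq = [au.pick("gw-hq", all_up) for _ in range(4)]
    branch = [au.pick("gw-branch", all_up) for _ in range(3)]
    # One HQ server becomes unavailable: rotation continues over what is left.
    degraded = [au.pick("gw-hq", all_up - {"ldap-hq-1"}) for _ in range(3)]
    return hq, branch, degraded


if __name__ == "__main__":
    for label, result in zip(("gw-hq", "gw-branch", "gw-hq degraded"), demo()):
        print(label, result)
```
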

 


 

Related documentation:

Note: This solution provides an expanded explanation of querying multiple LDAP servers. In case of doubt, refer to the information provided in this solution.

The documentation below provides general information:

  • R60 / R61 / R62 / R65 SmartCenter User Guide
    Chapter 10 SmartDirectory (LDAP) and User Management -
    The Check Point Solution for Using LDAP servers -
    The SmartDirectory (LDAP) Schema -
    Account Units and High Availability

  • R70 / R71 / R75 Security Management Administration Guide
    Chapter 10 SmartDirectory (LDAP) and User Management -
    The Check Point Solution for Using LDAP Servers -
    The SmartDirectory (LDAP) Schema -
    Account Units and High Availability

  • R75.40 / R75.40VS, R76, R77 Security Management Administration Guide
    Chapter 2 LDAP and User Directory -
    Account Units -
    Account Units and High Availability
This solution is about products that are no longer supported and it will not be updated
