
RE: [FW1] Windows2000 LDAP authentication




One of the problems with this is that the Checkpoint AMC requires Schema
Checking to be turned off ... I really would not want to even attempt this
on Win2k. I looked into this in depth a while back and found some
discrepancies with the way the Checkpoint AMC creates its objects. If you
manually add all the required OC's and attributes to the AD schema, you will
find that you can add some of the fields to existing users, however, you
will get errors sometimes when updating.

I am tempted to write an add-on for Win2k to add Checkpoint properties to a
user in the same way that Exchange works. I don't want to waste time if
Checkpoint addresses this issue in the next release though ... an ASP/ADSI
script would be enough to make this work, although I would prefer a proper
Active Directory Users and Computers extension.

-----Original Message-----
From: Tim Holman [mailto:[email protected]]
Sent: 27 March 2001 17:50
To: Rodney Lacroix; [email protected]
Subject: Re: [FW1] Windows2000 LDAP authentication



It SHOULD be as simple as creating an LDAP account unit and bind, but a lot
of common OIDs are missing from W2K LDAP - you'll need to add these, or
change them according to what Checkpoint needs.
I ran into a problem integrating a mail server with W2K LDAP and ended up
pointing it at a Netscape LDAP server instead, which works as you'd expect
it to.
Documentation is lacking concerning Active Directory / LDAP - I realise it's
fully capable, but why spend time messing around with it when Netscape can
do the trick more or less out of the box?

:)

Tim


----- Original Message -----
From: Rodney Lacroix <[email protected]>
To: <[email protected]>
Sent: 27 March 2001 15:41
Subject: [FW1] Windows2000 LDAP authentication


>
> Has anyone tried using the Windows2000 user database as the LDAP
> authentication point for VPN access?  If so, is it as simple as creating the
> LDAP object and bind (as normal), or is there more to it?
>
> Any help is greatly appreciated.
>
> Rodney Lacroix
>
>
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
>




________________________________________________________________
The information contained in this message is intended only for the recipient, may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, please be aware that any dissemination or copying of this communication is strictly prohibited. If you have received this communication in error, please immediately notify us by replying to the message and deleting it from your computer.

Thank you,
Standard & Poor's

