That's an easy one:
fw dbexport -f exportfile.ldif -l -s O=subtreename
that generates an ldif file that you can import straight into your LDAP
server.
Do make sure that you've got the right schema extensions in your LDAP
server before you start this one. Otherwise you can edit this file
(edit/replace) in order to transfer the format into something you can use.
Kind rgds,

Patrick Coomans.
4all NetWorks, your Networking partner!
Molenstraat 65 - 2840 Reet - Belgium
Tel +32-3-880.75.75 Fax 880.75.71

" Over-reliance on experience
leads to making the same mistakes
with increasing levels of confidence. "

>>> "Qaadir Haamid" <[email protected]> 02/05/01 16:30 >>>
Hi,
I saw your message on the mail list. Did you have an existing user database
on your firewall? If so, how did you transfer the user information to the LDAP
server? I am trying to set up an LDAP server but I am dreading manually moving all
of my user information.
Thanks
Qaadir
>From: "Patrick Coomans"
>To:
>Subject: Re: [FW1] LDAP
>Date: Fri, 27 Apr 2001 18:15:13 +0200
>
>Jonathan,
>
>I did several successful integrations with Novell's eDirectory
>(NDS) LDAP v3 server. What you need to do is take the .LDIF file from your FW1
>CD and use that to extend the schema of your LDAP server. In that way you can
>specify everything in your LDAP tree with your preferred LDAP management tool.
>
>Another way is that you choose the default settings for
>authentication in the LDAP Server properties of your fw1 and then you don't have
>to extend your schema: your fw1 will use its default settings and just search
>for objectname=user.
>
>Kind rgds,
>
>
>
>
>Patrick Coomans.
>4all NetWorks, your Networking partner!
>Molenstraat 65 - 2840 Reet - Belgium
>Tel +32-3-880.75.75 Fax 880.75.71
>
> " Over-reliance on experience
> leads to making the same mistakes
> with increasing levels of confidence. "
>
>
>
>
> >>> "Jonathan Zuilkowski" 27/04/01 16:14 >>>
>
>Hi.
>
>I'm trying to figure out how checkpoint ties in to ldap.
>
>What I need to know specifically is what attribute combination I need for a
>user to be able to use secureremote/secureclient with IKE only and password
>(no digital certificate).
>
>This shouldn't be rocket science, but I'm continually referred to the AMC.
>
>I have a different department that manages these accounts and I don't want
>them to have that much access to my LDAP tree because I also use it for
>other things.
>
>That's why I've built a web based management app that restricts what they
>can get to.
>
>When I tried what I thought would make it work, I got the message in
>secureremote that said there was no preshared secret.
>
>What hash method does the preshared secret use? crypt?
>
>If anyone has successfully implemented checkpoint with LDAP without the
>annoying Account Management Client, please tell me how.
>
>
>_________________________________________________________________
>Get your FREE download of MSN Explorer at http://explorer.msn.com
>
>
>
>================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>================================================================================
>
>
>
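
The edit/replace step suggested in the reply at the top of this thread can be scripted rather than done by hand. This is an added example, not part of the original messages or of Check Point's tooling; the "exampleFw*" and "targetExpiry" names, the mapping and the sample entries are constructed placeholders, not the real FireWall-1 schema.

```python
# Constructed sample standing in for the exported file; the "exampleFw*" names
# are placeholders, not the real FireWall-1 schema.
SAMPLE_LDIF = """\
version: 1

dn: cn=alice,O=subtreename
objectClass: exampleFwPerson
cn: alice
exampleFwExpiry: 31-dec-2001
description: comment that the expor
 ter folded onto a second line

dn: cn=bob,O=subtreename
cn:: Ym9i
exampleFwInternalId: 42
"""

# Hypothetical mapping onto the target schema: new name, or None to drop.
ATTR_MAP = {"examplefwexpiry": "targetExpiry", "examplefwinternalid": None}
CLASS_MAP = {"examplefwperson": "inetOrgPerson"}

def parse_ldif(text):
    """Return entries as lists of (attr, sep, value); sep is ':' or '::'."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # undo line folding
    entries = []
    for block in text.split("\n\n"):
        entry = []
        for line in block.split("\n"):
            if line and not line.startswith("#"):  # skip blanks and comments
                attr, _, rest = line.partition(":")
                sep = "::" if rest.startswith(":") else ":"  # '::' = base64
                entry.append((attr, sep, rest.lstrip(":").strip()))
        if entry and entry[0][0].lower() == "dn":  # skips the version header
            entries.append(entry)
    return entries

def convert(entries):
    """Rename or drop attributes and swap objectClass values per the maps."""
    out = []
    for entry in entries:
        new = []
        for attr, sep, value in entry:
            if attr.lower() == "objectclass":
                value = CLASS_MAP.get(value.lower(), value)
            attr = ATTR_MAP.get(attr.lower(), attr)
            if attr is not None:
                new.append((attr, sep, value))
        out.append(new)
    return out

def to_ldif(entries):
    return "\n\n".join("\n".join(f"{a}{s} {v}" for a, s, v in e) for e in entries) + "\n"
```

Base64 values (the "::" form) are passed through untouched, so only attribute names and objectClass values change.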