[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] HELP! Problem configuring LDAP w/ Innosoft Directory Server

To: Fw-1-Mailinglist <fw-1-mailinglist@lists.us.checkpoint.com>
Subject: RE: [FW1] HELP! Problem configuring LDAP w/ Innosoft Directory Server
From: Kerry Baker <k.baker@cantva.canterbury.ac.nz>
Date: Fri, 08 Oct 1999 12:20:08 +1300

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set. Some ]
    [ characters may be displayed incorrectly. ]


> Hi all,
> Has anyone successfully configured LDAP on FW-1 using an Innosoft LDAP
> server?
>
...
>
> When I configure the LDAP Account Unit in the Security Policy and
> I click on
> 'Fetch' I get the error "LDAP server does not have information on
> branches."
> When I configure an Account Unit with the Account Management Client and
> click 'Fetch' I get "Sorry, no branches could be retrieve from
> LDAP server."

I have found what the problem was.  It may affect other LDAP servers so here
is the answer for future reference.  According to Innosoft:

"Innosoft have seen the same error message during in-house testing of
Firewall-1.  It is a bug in the Firewall-1 Account Management Client, where
it sends an invalid LDAP search request when you click on the "Fetch"
Branches button during configuration of the Account Unit.  They reproduced
this using Firewall-1 V4.0 fo NT and found that IDDS was complaining about
an attribute it received which had the name " ".  Innosoft reported this to
Checkpoint come time ago who said it would be fixed in the next version.  By
an amazing coincidence, Netscape DS accepts that same invalid search
request."

The work around is to explicitly add the branch rather than use the Fetch
button.  After that it works like a charm.

***FLAME TIME***
I reported this problem to Checkpoint tech support also and as usual I am
still waiting for a response.  I don't expect one either unless I prompt
them.  every single problem I have reported to them takes months to get a
satisfactory answer to.  Meanwhile I have usually found the solution either
on Phoneboys's site or this mailing list.  Checkpoint buck up your ideas.
I'm sick of complaining to you about your slack technical support.


Kerry.



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] ftp reject "reason: tried to open up other host port"
Next by Date: RE: [FW1] HELP! Problem configuring LDAP w/ Innosoft Directory Server
Prev by thread: RE: [FW1] HELP! Problem configuring LDAP w/ Innosoft Directory Server
Next by thread: RE: [FW1] HELP! Problem configuring LDAP w/ Innosoft Directory Server
Index(es):
- Date
- Thread