I'm looking to convert User Authority access from UA user/group access to LDAP group access. We currently have users authenticating to one of two domains (ABC.COM and XYZ.COM), to access resources in ABC.COM. All Active Directory groups and the corresponding CheckPoint LDAP groups used will be from ABC.COM. ABC and XYZ domain users will be added only to ABC AD groups appropriately.
The scenario is: XYZ user tries to access a resource in ABC via UA. ABC Domain Controller queries the UA client in XYZ. XYZ UA client replies with userID and Domain (XYZ). My question is: When the ABC DC receives the UA client's reply with the XYZ domain, will the ABC DC then look up the user in its own AD or query XYZ and return XYZ group membership to the firewall? If XYZ groups are returned to the firewall for any XYZ user, this is a very disappointing development. Will not be able to use LDAP integration. Please help. Thanks for any help!!!!
