Just throwing this out there to see if there is some solution.
We want to enable LDAP auth to our PAs for our admins. I have the Auth profile configured and working well as long as the directory server is up.
In the odd case that we have a system failure of the LDAP directory server or a firewall rule inadvertently gets removed that blocks access from the PAs to the directory server, is there a way to have a fallback authentication that uses the last known password from the LDAP server (cached login information)? Or do we need to have 2 administrator accounts for all of our admins (one local and one with the auth profile)?
Let me know if this doesn't make sense and I can try to explain further, or just tell me that I am completely off-base trying to do this. That is fine too.
Sounds like you have a requirement that you cannot 'share' accounts. If that is the case then yes you will need two accounts for each admin. If you are allowed to have a single 'emergency' account, then you can just use the one admin account. I would say have the PAN look at multiple LDAP servers just for this reason.
Hope that helps.