McAfee Web Gateway LDAP settings (product guide vs reality)
I am attempting to fine-tune our enterprise policy as it relates to LDAP(s) AD group lookups.
During the course of this investigation I looked at the options that exist (as of 10.2.7) and attempted to marry those settings up with descriptions in the product guide (also for 10.2.x) and there are very few overlaps
For example: "Force new Connection if live check fails" there is no mention in the product guide about this , nor under what circumstances you might want to have this enabled or disabled.
The product guide references "LDAP operation timeout" but there is no setting named that in 10.2.7, the closest is "LDAP SEARCH operation timeout" which is measured in seconds.
The "connection live check" is listed in both, however it is unclear which setting is used when considering the timeout value of an LDAPs connection. (LDAP search operation timeout, LDAP connection time out, LDAP connection poll timeout)
You might say "well obviously its the LDAP connection timeout" and to that i would ask "why is that set by default at 5 seconds, when the poll for it is 8 seconds, and the live check is measured in MINUTES"?
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.