I am planning a migration of a simple VPN-1 gateway, NG w/ AI on a Dell 1750 with all user accounts stored locally in policy, to a more robust implementation whereby user identification is done via LDAP to the Active Directory server. That way, users can be granted Secure Remote access simply by adding them to appropriate groups in AD. All user AUTHENTICATION is done via hardware token (which works fine).

Currently, I would have to allow admins to make policy changes to the users section in the FW database for them to handle and complete user access requests. I'm NOT teaching a whole helpdesk how to use ONLY the user management portion of Smart Console, nor am I granting them this level of access. :ugh:

However, the point of my post is this:
I was describing this to a colleague, who contends that there is an inherent weakness in this version of Check Point VPN-1 and LDAP user management. She hasn't provided details (I've asked...) and I can't run down anything. I've googled this ad nauseam without finding anything recent. Anyone have experience with this who can comment on what she is talking about?