Relevant IKP: https://indeni.atlassian.net/browse/IKP-1127
( hoping you'll get a chance to look at this)
The bug is: if we don't find any ldap fingerprints, the multistep variable is empty, so the multi step script errors out and logs a warning.
One idea is to add an interrogation step to determine in advance whether or not the device is using LDAP; if it's not, don't run the script (via requires).
So, can anyone think of a "good" way to determine if a Checkpoint device is using LDAP? Good == easy, lightweight. Hoping not to to have to parse objects.C.... Liz found fwldap_UseLDAP in objects.C, but I see this set to false even on a device using LDAP (I think).
Another idea is to (somehow) find out whether or not Identity Awarness is enabled. But, I think that even if the device is using Identity Awareness, it may or may not be using LDAP...?
Any thoughts here welcome.