How internal user databases work
The Management Server includes an integrated LDAP directory for storing user information.
The Management Server’s internal user database can be used for authenticating users with passwords. Using an internal LDAP directory is the simplest choice when there is no specific need to have an external LDAP server.
When the Management Server’s internal LDAP directory is used, the user and user group information is stored on the Management Server. Each firewall node stores a replica of the user database, and any change to the main database is replicated immediately to the firewalls. This way, each firewall can look up users in its local replica instead of constantly requesting user information over the network.
Note: It is not possible to give external components (such as external authentication servers) access to the Management Server’s internal LDAP directory.
If Domain elements have been configured, the Internal LDAP directory belongs to the Shared Domain. This means that administrators who log on to any other Domain are also allowed to view the contents of the Internal LDAP directory. If user information must not be visible to administrators in all Domains, you must use a separate external LDAP directory in each Domain.