HI,

Check this thread

https://www-secure.symantec.com/connect/forums/active-directory-authentication-whole-group

https://www-secure.symantec.com/connect/forums/dlp-and-ad-intergration

what is teh AD OS?

hi HX,

 As DLP having very strong and secure authentication mecahnism, you need to configure and verify below facts. you can directly create user account to DLP apps/AD Auth/SPC are some option.After succesfull integration with AD u must add them in DLP enble.

AD Authentication and a LDAP query are two different things.  To perform an AD authentication you need to configure the krb5.ini file (windows) or the krb5.conf file (Linux).  then run a command.  See the admin guide for DLP 10.5 and search for krb5 and it will take you to the page for AD Authentication. 

Domain user names entered for login must match the user names defined in DLP.

When setting up Active Directory authentication you need to make sure that domain user names match what has been created in the Users section of the DLP UI. Also remember that DLP user names are case-sensitive even if Active Directory is not.

For example, in DLP you can define two apparently identical user names; Jsmith and jsmith. The difference is only in the case of the first letter, but DLP considers them to be unique since the user names are case-sensitive. Both names, if entered, would authenticate against a domain user name jsmith. However, if the DLP user is created as JSMITH and you attempt a login as jsmith you will get a login failure message.

Users must be part of a role in DLP to be able to login

It is not sufficient to create a user in Vontu that matches an existing domain user. The user must also be assigned to a role within Vontu, otherwise you will be unable to login.

Also refer below link for detailed refe

Hello,

I have same issue. AD user authentication is works correctly. But AD authentication isn't work from my own application, that connect with Reporting API. I can connect only with Administrator account. How I can use username from AD for the Reporting API?

For both of you having problems, double check that the role and/or users are enabled to use the API.

JGT

The role isn't reason of this issue.

I contacted with team of Symantec Support and got a link to the Article ID 53354 of the Data Loss Prevention Knowledgebase.

From the Knowledgebase:

Make sure the following syntax is used to provide AD user details in the Reporting API client -

<Username>:<Active_Directory_Domain_In_Upper_Case>

OR

<Role>\<Username>:<Active_Directory_Domain_In_Upper_Case>

For example:

jdoe:ACME.COM
superuser\jdoe:ACME.COM

Information from that article is a direct answer to the question.