hi HX,
As DLP having very strong and secure authentication mecahnism, you need to configure and verify below facts. you can directly create user account to DLP apps/AD Auth/SPC are some option.After succesfull integration with AD u must add them in DLP enble.
AD Authentication and a LDAP query are two different things. To perform an AD authentication you need to configure the krb5.ini file (windows) or the krb5.conf file (Linux). then run a command. See the admin guide for DLP 10.5 and search for krb5 and it will take you to the page for AD Authentication.
Domain user names entered for login must match the user names defined in DLP.
When setting up Active Directory authentication you need to make sure that domain user names match what has been created in the Users section of the DLP UI. Also remember that DLP user names are case-sensitive even if Active Directory is not.
For example, in DLP you can define two apparently identical user names; Jsmith and jsmith. The difference is only in the case of the first letter, but DLP considers them to be unique since the user names are case-sensitive. Both names, if entered, would authenticate against a domain user name jsmith. However, if the DLP user is created as JSMITH and you attempt a login as jsmith you will get a login failure message.
Users must be part of a role in DLP to be able to login
It is not sufficient to create a user in Vontu that matches an existing domain user. The user must also be assigned to a role within Vontu, otherwise you will be unable to login.
Also refer below link for detailed refe