
LDAP Integration with the SES

Created: 31 Mar 2014 | 6 comments

Hello all.

I have a few questions, if anyone can give us some leads.

I have been reading a lot about the Symantec Encryption Server and found documentation that talks about the SES integration with LDAP, and I'm wondering if we still have to do the schema update on the LDAP server so that it can pull all the users' information?

The reason why is that I'm experiencing a few issues with this subject. Basically, I have created a security group where I've added a few test users, but when they log on to their profile they do not get the PGP enrollment/AD authentication (username and password). But if I play around with the Base Distinguished Names and point to the users individually, all works fine and they are authenticated by the SES.

Appreciate your help all.

Thanks

dcats

Hi mourad.b,

Please check this article:
Directory Synchronization (LDAP Authentication) - Symantec Encryption Management Server - TECH149769.

In short:
- First, you will need to configure and enable the Directory Synchronization for the SEMS. Configure also the SEMS setting for LDAP enrollment.

- After, configure the group membership using LDAP attributes to map the users into the Consumer Groups. Use a tool like dsquery or Softerra LDAP browser to find the proper attributes/values. See also: https://www-secure.symantec.com/connect/forums/uni...

Additional reference: Enable Directory Authentication to Enroll Encryption Desktop Clients - TECH149805.

HTH,
dcats

Alex_CST

You should be able to point to that Security Group's BaseDN and click on Test, and it'll show the first 5 users resolved from that group to test if it works. As dcats said, use dsquery on a DC to determine the correct LDAP address for that group.

Please mark posts as solutions if they solve your problem!

http://www.cstl.com

mourad.b

Appreciate your help guys,

This is all set, but the only way I can allow the users to enroll onto the PGP server is through the OUs.

We have around 20 OUs and most of the laptop users are dispatched between these OUs. I only want certain users who are part of this PGP Security group to enroll, but this does not seem to be working even when I added this group CN:

CN=PGP_Encryption_Laptop_Users,OU=Information Technology,OU=Security Groups,DC=my domain,DC=com

but it is working when I add the OU where the user is located:

OU=Sales Engineering & Sales,OU=Users Location,DC=mydomain,DC=com

Just to add: I can see my PGP_Encryption_Laptop_users CN group in the Sample Records on the LDAP Sample Records page, as per Alex_CST.

See below.

Please advise and thanks again for your help.

[Screenshot: Symantec Encryption Server - LDAP Sample Records]

dcats

Hi mourad.b,

I'm not sure if that CN is placed where you need it.
In the Base DN you point to the place from where the LDAP search starts (the nearer to the ".com", the more search space you allow).

If you want to map every user with that CN in a certain attribute to a single Consumer group, you need to enter the attribute/value pair in the mapping configuration of the group in the Consumers > Consumer Group settings.

HTH,
dcats

R_Sran

Please ensure that Directory synchronisation is enabled.

R_Sran

To Enable LDAP Directory Synchronization

  1. Log into the SEMS administrative interface.
  2. Click Consumers and then select Directory Synchronization.
  3. Click Enable.
  4. Below LDAP Directories, click Add LDAP Directory.
  5. Type a Name and select a Type of LDAP directory.