If a global catalog is not an option to enter here, simply add another directory for your other domain and each of the directories will be searched. If you have a Global Catalog that will provide searchability to both or all of your domains, use a Global Catalog instead of a single Active Directory-this may help speed up the lookups. If you have multiple domains, you can add more Active Directory entries to cover those domains. Consumer Matching Rules - SEMS can match a consumer's enrollment username to this LDAP Directory using a regular expression.Base Distinguished Names - Enter or browse for a Base DN for your domain.Note: Click the Test Connection button to verify you can successfully connect to the LDAP server. Binding determines the permission granted for the duration of a connection. This value is used to initially bind (or log in) to the directory server. Type an appropriate value in the Bind DN field.Type a Name and select a Type of LDAP directory.Below LDAP Directories, click Add LDAP Directory.Click Consumers and then select Directory Synchronization.Log into the SEMS administrative interface.You can use Softerra LDAP Browser to get another perspective of binding to the user. This user is in charge of finding users for authenticating them that they are proper users, and if it can't find users, then other processes can fail, such as user enrollment and grouping. You can use any of a number of directories with Symantec Encryption Management Server, although directories that more closely conform to the OpenLDAP or X.500 standards work best.Įnsure the Bind DN user has the appropriate permissions in order to traverse the LDAP directory (Active Directory). When using LDAP, the IP address of the domain controller is allowed, however, when using LDAPS, ensure you use the FQDN of the DC or the connections will fail. Important Tip: Symantec highly recommends using LDAPS for secure communications from the PGP server to the LDAP directory as authentication operations are taking place behind the scenes.
Symantec Encryption Management Server (SEMS) supports LDAPv2, LDAPv3, and LDAPS. During enrollment, if a user exists in the directory, they are added to the system as internal users and placed in the corresponding policy for their user account. When using Directory Synchronization, Internal Users come only from the directory you specify when you enable Directory Synchronization.
Directory Synchronization allows you to assign different user polices to specific internal user groups.
0 kommentar(er)
