
Configure Directory Synchronization in Symantec Encryption Management Server

04-27-2014 06:13 AM

yang_zhang

The Directory Synchronization feature of Symantec Encryption Management Server (previously
PGP Universal Server) lets you synchronize your server with an LDAP directory (such as
Microsoft Active Directory) so that internal users can be created from the users in the LDAP
directory.

Directory Synchronization also allows you to assign different user policies to specific internal
user groups. When Directory Synchronization is in use, internal users for Symantec Encryption
Management Server (SEMS) can come only from the directory you specify when you enable it.
Users found in that LDAP directory are added to the system as internal users; users who are not
in that directory will not have their disks, messaging, or files managed by the server.

Enabling Directory Synchronization allows you to do several things:

- Include consumers found in specified directories as internal users or managed devices.
- Prevent specified consumers found in the directories from becoming members of any
  group except the Excluded group.
- Include only specified consumers from the directories, allowing them to be added to the
  server as internal users or managed devices, and excluding consumers that do not match
  the criteria.
- Match certain consumers, based on their attributes in the specified directories, with a
  consumer policy group you create.

When Directory Synchronization is enabled, SEMS uses the LDAP directory to help create and
enroll internal users.

When users are added to Symantec Encryption Management Server from a directory via
Directory Synchronization, their names, email addresses, and existing X.509 certificates (used to
secure S/MIME email messages) are imported. If no certificates are found, Symantec Encryption
Management Server generates PGP keys (and certificates, if it is configured to issue certificates)
for these users.

When Directory Synchronization is enabled, for a user to be added correctly to Symantec
Encryption Management Server, the "mail" attribute must be present in the user's directory entry
and its value must match the email address Symantec Encryption Management Server has for
that user. The "uid" attribute must also be present and match the login name, unless the directory
is Microsoft Active Directory, which requires the "sAMAccountName" attribute instead. For
example, if Symantec Encryption Management Server discovers a user with a login name of
"ming" and an email address of "mingp@example", that user's directory entry must carry
"uid=ming" (or "sAMAccountName=ming" in Active Directory) and "mail=mingp@example". If
these attributes are empty or do not match, the user is not added correctly.
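As an added example (not code from the original article or from Symantec), the following Python script checks an LDIF export of the directory against these attribute requirements before you enable synchronization, so that entries that would not be added correctly are found and fixed in the directory first. The LDIF is constructed sample data; the directory-type labels "ad" and "ldap" are the script's own; and the case-insensitive comparison of login names and email addresses is an assumption of the example, not something the article states.

```python
import base64

# Constructed sample LDIF export (not real directory data): one Active Directory
# entry that satisfies the SEMS requirements, one with no mail attribute, and one
# OpenLDAP-style entry that carries uid but not sAMAccountName.
SAMPLE_LDIF = """\
dn: CN=Ming P,OU=Users,DC=example,DC=com
objectClass: user
sAMAccountName: ming
displayName:: TWluZyBQ
mail: mingp@example.com

dn: CN=No Mail,OU=Users,DC=example,DC=com
objectClass: user
sAMAccountName: nomail

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
uid: bob
mail: bob@example.com
"""

# Login-name attribute SEMS expects, keyed by a directory-type label of this
# script's own choosing: Active Directory uses sAMAccountName, other LDAP uses uid.
LOGIN_ATTR = {"ad": "samaccountname", "ldap": "uid"}


def parse_ldif(text):
    """Minimal LDIF parser returning one {attribute: [values]} dict per entry.

    Attribute names are lower-cased because LDAP attribute names are
    case-insensitive. Handles folded lines (leading space), '#' comments and
    base64-encoded values ('attr:: ...'); LDIF change records are not supported.
    """
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold a continuation line
        else:
            lines.append(raw)

    entries, current = [], {}
    for line in lines:
        if not line.strip():              # a blank line terminates an entry
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):         # 'attr:: <base64>'
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        current.setdefault(name.strip().lower(), []).append(value)
    if current:
        entries.append(current)
    return entries


def check_entry(entry, directory_type="ad"):
    """Presence check: SEMS needs a non-empty mail attribute and a non-empty
    login attribute (uid, or sAMAccountName for Active Directory)."""
    login_attr = LOGIN_ATTR[directory_type]
    if not [v for v in entry.get(login_attr, []) if v]:
        return False, f"missing {login_attr}"
    if not [v for v in entry.get("mail", []) if v]:
        return False, "missing mail"
    return True, "ok"


def check_expected(entry, expected_login, expected_mail, directory_type="ad"):
    """Match check: the directory values must equal what SEMS already holds for
    the user. The comparison is case-insensitive (an assumption of this example)."""
    ok, reason = check_entry(entry, directory_type)
    if not ok:
        return ok, reason
    login_attr = LOGIN_ATTR[directory_type]
    if expected_login.lower() not in (v.lower() for v in entry[login_attr]):
        return False, f"{login_attr} mismatch"
    if expected_mail.lower() not in (v.lower() for v in entry["mail"]):
        return False, "mail mismatch"
    return True, "ok"


def audit(ldif_text, directory_type="ad"):
    """Run the presence check over every entry; returns {dn: (ok, reason)}."""
    return {
        entry.get("dn", ["<no dn>"])[0]: check_entry(entry, directory_type)
        for entry in parse_ldif(ldif_text)
    }


if __name__ == "__main__":
    # Entries reported as FAIL would not be added correctly by Directory
    # Synchronization; fix them in the directory before enabling sync.
    for dn, (ok, reason) in audit(SAMPLE_LDIF, "ad").items():
        print(f"{'OK  ' if ok else 'FAIL'} {dn}: {reason}")
```

Run it against an export produced by ldapsearch or ldifde for the same base DN you will give the server; auditing the sample with directory type "ad" flags the entry without mail and the uid-only entry, while auditing it as "ldap" flags the Active Directory entries instead, which is the uid versus sAMAccountName distinction the paragraph above describes.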

Here is a brief introduction to the configuration of Directory Synchronization in Symantec
Encryption Management Server:

1. Log in to Symantec Encryption Management Server, open the 'Consumers' tab, select
   'Directory Synchronization', then click the 'Enable' button.

2. Make sure that Directory Synchronization is now shown as enabled.

3. Click 'Add LDAP Directory'.

4. Fill in the necessary information for the LDAP directory, including the bind credentials, the
   IP address or host name, the port, and the priority. Use a dedicated, read-only bind account
   with no more privilege than it needs to read user attributes, and prefer a TLS-protected LDAPS
   connection (TCP 636) over cleartext LDAP (TCP 389); otherwise the bind credentials and the
   user attributes cross the network unencrypted.

5. Click the 'Test Connection' button and confirm that the LDAP test succeeds.

6. After saving the LDAP directory configuration, click the 'Settings' button.

7. Enable 'Enroll clients using directory authentication'.

This completes the configuration of Directory Synchronization in Symantec Encryption
Management Server; internal users will now be created from the users in the LDAP directory.
