Enabling LDAP referrals can cause PGP Desktop enrollment to fail to PGP Encryption Server (Symantec Encryption Management Server)
search cancel

Enabling LDAP referrals can cause PGP Desktop enrollment to fail to PGP Encryption Server (Symantec Encryption Management Server)

book

Article ID: 153238

calendar_today

Updated On:

Products

Symantec Products

Issue/Introduction

If your LDAP directory is not configured for LDAP referrals, but Enable LDAP Referrals is enabled in Directory Synchronization of the PGP Encryption Server (Symantec Encryption Management Server), existing internal users may be removed from their group policy, or enrollment with the server may fail with the following error:

The configuration server rejected your credentials.

 

Cause

The PGP Encryption Server has support for LDAP Referrals. LDAP Referrals provide the ability to query other LDAP servers for users. If the LDAP server (e.g. Microsoft Active Directory) does not support LDAP referrals, or is not being used, enrollment will fail. Users who are already enrolled on the PGP Encryption Server will either be put into the Default policy or disabled if Exclude non-matching users by default is selected.

Resolution

Disable LDAP Referrals on the PGP Encryption Server: 

  1. Login to the PGP Encryption Server administrative interface.
  2. Click the Policy card.
  3. Select the Internal User Policy card.
  4. Click on Directory Synchronization button.
  5. Remove the check mark next to Enable LDAP Referrals.
  6. Click Save to apply the change.

NOTE: In PGP Encryption Server 3.2, the Enable LDAP Referrals option can be located in Consumers > Directory Synchronization> Settings (a button at the very bottom of the page).