This article describes how to enable Directory Synchronization to enroll Symantec Encryption Desktop clients (previously PGP Desktop).
Directory Synchronization allows you to assign a consumers to a specific consumer group based on the consumer's presence in a specified LDAP directory, or based on matching directory attributes you specify.
Prior to enabling clients to use Directory Authentication, you must enable Directory Synchronization and configure an LDAP directory which the Symantec Encryption Management Server (SEMS) will use to match user credentials. For more information on enabling Directory Synchronization see the following articles:
- Enable Directory Synchronization - Symantec Encryption Management Server
- User Principal Name for Symantec Encryption Management Server Directory Synchronization
After configuring your Directory Synchronization settings, use the following steps to enable the clients to use directory authentication.
- Log in to the SEMS admin interface.
- Click Consumers > Directory Synchronization.
- On the Directory Synchronization page, click Settings. The Directory Synchronization Settings are displayed.
- Place a checkmark next to Enroll clients using directory authentication.
To change the behavior of Directory Synchronization when a user cannot be matched to a specific LDAP directory based on any consumer matching rules, select an option from the drop-down menu of choices. Your choices are:
- Look for the consumer in all ordered LDAP Directories - If the consumer cannot be matched to a specific directory, then search all LDAP Directories specified for this server, in priority order. (You can define the order that directories are searched on the Directory Synchronization page.)
- Only look for the consumer in the first ordered LDAP Directory - If the consumer cannot be matched to a specific directory, then search only the first (highest priority) LDAP Directory specified for this server. If not found in the first ordered directory, the consumer is rejected.
- Reject the consumer If the consumer cannot be matched to a specific directory based on the consumer matching rules, reject the consumer.
- Click Save.
Note: You can also enable the Enable LDAP Referrals option which allows SEMS to query referred LDAP directories when searching for user information.