When an LDAP browser is used to browse the PGP Universal Server LDAP keyserver, all PGP Universal Admin users are shown in the subfolder O=Prefs.
Some companies consider this a possible security risk. Showing the Admin users does not cause any direct error or problem, as long as all of them have a strong passphrase.
Changing the behavior of the LDAP keyserver involves adding a preference policy to the Universal Server via SSH. It is highly recommended to open a support incident so that Symantec Support can help implement these changes.
Steps needed to change the keyserver:
1. Open an SSH connection to the Universal Server (see KB Article "How to get SSH access to the Universal Server").
2. Open the file /etc/ovid/prefs.xml with either nano or vi.
3. Add <enable-pgpadmin-pref-access>false</enable-pgpadmin-pref-access> after the <public-url> element:
    <keyserver>
      [...]
      <public-url>ldap://keys.domain.com</public-url>
      <enable-pgpadmin-pref-access>false</enable-pgpadmin-pref-access>
    </keyserver>
4. Run the command pgpsysconf --restart ldap
This will disable the visibility of the Admin users over LDAP.
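The edit from step 3 can be checked before the LDAP service is restarted. The following Python script is an added example, not Symantec code: it verifies that the file is still well-formed XML and that the preference sits directly inside <keyserver> with the value false, as shown above. The <prefs> root element in the sample and the exact-match rule for "false" are assumptions.

```python
import sys
import xml.etree.ElementTree as ET

PREF = "enable-pgpadmin-pref-access"

# Constructed sample. The <prefs> root is an assumption; only <keyserver>,
# <public-url> and the new preference come from the article.
SAMPLE_FIXED = """<prefs>
  <keyserver>
    <public-url>ldap://keys.domain.com</public-url>
    <enable-pgpadmin-pref-access>false</enable-pgpadmin-pref-access>
  </keyserver>
</prefs>"""


def audit_prefs(xml_text):
    """Return (ok, reason) for the contents of a prefs.xml file."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # A broken edit should be caught before the service is restarted.
        return False, f"not well-formed XML: {exc}"
    keyservers = list(root.iter("keyserver"))
    if not keyservers:
        return False, "no <keyserver> element found"
    # Only direct children of <keyserver> count, matching the article.
    placed = [c for ks in keyservers for c in ks if c.tag == PREF]
    if not placed:
        if any(True for _ in root.iter(PREF)):
            return False, f"<{PREF}> exists but not directly inside <keyserver>"
        return False, f"<{PREF}> is missing"
    # Duplicate entries must all agree; the assumed rule is an exact "false".
    values = {(e.text or "").strip() for e in placed}
    if values != {"false"}:
        return False, f"<{PREF}> has value(s) {sorted(values)}, expected 'false'"
    return True, "admin preference access is disabled in <keyserver>"


if __name__ == "__main__":
    # Usage: python3 audit_prefs.py /etc/ovid/prefs.xml (or a copy of it)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            text = fh.read()
    else:
        text = SAMPLE_FIXED
    ok, reason = audit_prefs(text)
    print(("OK: " if ok else "FAIL: ") + reason)
    sys.exit(0 if ok else 1)
```

After the restart, browsing O=Prefs again with the same LDAP browser confirms the result on the live keyserver.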
Imported Document ID: TECH156276