Make sure that the LDAP servers are configured in ePO. To verify the servers that are currently configured, perform the following steps:
- Log on to the ePO console.
- Make sure that the correct LDAP servers are pushed to DLP Prevent. To verify, navigate to Menu, Policy Catalog, DLP Prevent Server, Users and Groups, <policy name>, LDAP Servers in the ePO console.
- If the LDAP servers are not selected, select them on this screen.
- If the LDAP servers are not present, make sure that the configuration for each server is correct (Menu, Configuration, Registered Servers in the ePO console), or configure a new LDAP server (see the following steps for instructions).
To configure a new LDAP server:
- Select Menu, Configuration, Registered Servers, then click New Server.
- From the Server type menu, select LDAP Server, specify a unique name and any details, then click Next.
- Choose OpenLDAP or Active Directory in the LDAP server type list.
NOTE: The following steps assume that you are configuring an Active Directory server. OpenLDAP-specific information is included where needed.
- Enter either a Domain name or a specific server name in the Server name section. Use DNS-style domain names for domains (internaldomain.com), and fully qualified domain names (FQDN) or IP addresses for servers (server1.internaldomain.com or 192.168.75.101).
NOTE: Using domain names gives failover support and allows only servers from a specific site to be chosen. OpenLDAP servers can only use server names and can't be specified by domain.
- Choose Global Catalog (if needed). This option is deselected by default.
NOTE: Global Catalog is not available for OpenLDAP servers.
IMPORTANT: The Global Catalog can provide significant performance benefits, but select it only if the registered domain is the parent of only local domains. If non-local domains are included, chasing referrals can cause significant non-local network traffic and a severe negative performance impact.
- If you did not use the Global Catalog, choose whether to Chase referrals.
IMPORTANT: Chasing referrals can cause performance problems if it leads to non-local network traffic. This applies whether or not you use the Global Catalog.
- Choose whether to use SSL when communicating with this server.
- If you are configuring an OpenLDAP server, enter the port.
- Enter a user name and password as indicated.
NOTE: These credentials must be for an administrator account on the server. Use the domain\username format on Active Directory servers and cn=User,dc=realm,dc=com format on OpenLDAP servers.
- Either enter a site name for the server or select it by clicking Browse and navigating to it.
- Click Test Connection to verify communication with the server. Alter information as needed.
- Click Save to register the server.
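The constraints in the steps above can be checked before the values are typed into the Registered Servers form. The following is an added example, not McAfee code: the field names (server_type, name_is_domain, bind_user and so on) and the sample entry are hypothetical, and the SSL warning is an extra check that the steps above do not state.

```python
import ipaddress
import re

DN_RE = re.compile(r"^\w[\w-]*=[^,=]+(,\w[\w-]*=[^,=]+)+$")  # cn=User,dc=realm,dc=com
AD_RE = re.compile(r"^[^\\/\s]+\\[^\\/\s]+$")  # domain\username
HOST_RE = re.compile(r"^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def check_registered_server(cfg):
    """Return (errors, warnings) for one planned LDAP registered-server entry."""
    errors, warnings = [], []
    kind, name, user = cfg["server_type"], cfg["server_name"], cfg["bind_user"]
    if kind not in ("Active Directory", "OpenLDAP"):
        return [f"unknown LDAP server type: {kind}"], warnings
    if not (is_ip(name) or HOST_RE.match(name)):
        errors.append(f"server name is not a DNS name or IP address: {name}")
    if kind == "OpenLDAP":
        if cfg.get("name_is_domain"):
            errors.append("OpenLDAP servers cannot be specified by domain")
        if cfg.get("global_catalog"):
            errors.append("Global Catalog is not available for OpenLDAP")
        port = cfg.get("port")
        if not isinstance(port, int) or not 1 <= port <= 65535:
            errors.append("OpenLDAP needs a port between 1 and 65535")
        if not DN_RE.match(user):
            errors.append("OpenLDAP user must look like cn=User,dc=realm,dc=com")
    else:
        if not AD_RE.match(user):
            errors.append("Active Directory user must be domain\\username")
        if cfg.get("global_catalog"):
            warnings.append("Global Catalog: confirm only local child domains")
    if cfg.get("chase_referrals"):
        warnings.append("chasing referrals can cause non-local traffic")
    if not cfg.get("use_ssl"):  # added check, not stated in the steps above
        warnings.append("SSL off: confirm bind credentials are protected in transit")
    return errors, warnings

# Constructed sample entry (hypothetical values), deliberately misconfigured
SAMPLE = {"server_type": "OpenLDAP", "server_name": "server1.internaldomain.com",
          "name_is_domain": True, "global_catalog": True, "use_ssl": True,
          "bind_user": "internaldomain\\admin"}
print(check_registered_server(SAMPLE))
```

Whether a name is a domain or a single server cannot be told from its syntax, so the entry has to declare it in name_is_domain.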