Enabling LDAP referrals can cause PGP Desktop enrollment to fail
search cancel

Enabling LDAP referrals can cause PGP Desktop enrollment to fail


Article ID: 153238


Updated On:


Symantec Products


If your LDAP directory is not configured for LDAP referrals, but Enable LDAP Referrals is enabled in Directory Synchronization of the PGP Universal Server, existing internal users may be removed from their group policy, or enrollment with the server may fail with the following error:

The configuration server rejected your credentials.



PGP Universal Server 2.5.x and above now has support for LDAP Referrals. LDAP Referrals provide the ability to query other LDAP servers for users. If the LDAP server (e.g. Microsoft Active Directory) does not support LDAP referrals, or is not being used, enrollment will fail. Users who are already enrolled on the PGP Universal Server will either be put into the Default policy or disabled if Exclude non-matching users by default is selected.


Disable LDAP Referrals on the PGP Universal Server:


  1. Login to the PGP Universal Server administrative interface.
  2. Click the Policy card.
  3. Select the Internal User Policy card.
  4. Click on Directory Synchronization button.
  5. Remove the check mark next to Enable LDAP Referrals.
  6. Click Save to apply the change.

NOTE: In PGP Universal Server 3.2, the Enable LDAP Referrals option can be located in Consumers > Directory Synchronization> Settings (a button at the very bottom of the page).