Symantec Encryption Management Server (SEMS) can exclude users if LDAP customizations have been made within the command line interface.
In some rare cases, LDAP customizations are made on SEMS itself (not in the actual LDAP directory solution being used) when certain LDAP solutions, such as OpenLDAP or Domino Directory, don't support the standard attributes SEMS normally queries, or when an attribute SEMS queries is not an optimal match. If these LDAP values have been customized by Symantec Support or Symantec Consulting Services, the customization can prevent users from enrolling Symantec Encryption Desktop clients, or prevent new users from being created on SEMS in order to send secured email.
One symptom of this issue is the following error, logged when an email is sent through the server and no new users are created:
NOTICE pgp/messaging[22945]: SMTP-00001: failed to locate user record with email address '[email protected]' on any of the configured directories
The other symptom is that no users are able to enroll if clients have been created.
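To gauge how many addresses are hitting the first symptom before contacting Support, exported log text can be scanned for the SMTP-00001 notice quoted above. The Python below is an added example, not Symantec code; the function names are hypothetical and the sample lines are constructed from the message format shown in this article.

```python
import re
import sys
from collections import Counter

# The notice as quoted in this article. Text before "pgp/messaging"
# (severity, timestamp, host) is not matched, since only "NOTICE" is shown here.
LOOKUP_FAILURE = re.compile(
    r"pgp/messaging\[\d+\]:\s+SMTP-00001:\s+failed to locate user record "
    r"with email address '(?P<addr>[^']*)' on any of the configured directories"
)

# Constructed sample lines: the addresses and the final line are made up.
SAMPLE_LOG = """\
NOTICE pgp/messaging[22945]: SMTP-00001: failed to locate user record with email address 'alice@example.com' on any of the configured directories
NOTICE pgp/messaging[22945]: SMTP-00001: failed to locate user record with email address 'Alice@example.com' on any of the configured directories
NOTICE pgp/messaging[22951]: SMTP-00001: failed to locate user record with email address 'bob@example.org' on any of the configured directories
INFO pgp/messaging[22951]: constructed unrelated line that must be ignored
"""

def failed_lookups(lines):
    """Count SMTP-00001 lookup failures per address (case-insensitive)."""
    counts = Counter()
    for line in lines:
        match = LOOKUP_FAILURE.search(line)
        if match:
            counts[match.group("addr").strip().lower()] += 1
    return counts

def by_domain(counts):
    """Roll the per-address counts up to mail domains."""
    domains = Counter()
    for addr, n in counts.items():
        _, sep, domain = addr.rpartition("@")
        domains[domain if sep else "(no domain)"] += n
    return domains

if __name__ == "__main__":
    # Pass an exported log file as the first argument, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            counts = failed_lookups(fh)
    else:
        counts = failed_lookups(SAMPLE_LOG.splitlines())
    for addr, n in counts.most_common():
        print(f"{n:5d}  {addr}")
    for domain, n in by_domain(counts).most_common():
        print(f"{n:5d}  @{domain}")
```

The per-address and per-domain totals give Support a concrete list of the users whose directory lookups failed.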
The LDAP customizations that may have previously been made appear to cause this issue.
This issue is currently in review by Symantec Development. Please contact Symantec Support to apply the workaround, which is done via the database.
Applies To
SEMS (formerly known as PGP Universal Server) versions 3.2.0 and above.
LPME Server 2.1.1 (Based on SEMS 3.2.0.1672)