Can Endpoint AD User Groups Go Against An LDAP Server ?

book

Article ID: 160680

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

Can the Active Directory ( AD ) User Group Lookup go against an LDAP Server instead of going against AD ?

Resolution

In general, Endpoint can not access LDAP Servers when setup when AD User Groups are used.
This is due to the way the AD User Group resolution is performed. The Endpoint does not use LDAP but the ADSI API to access the local AD resources.

In detail:

1.The current solution on the endpoint uses ADSI API to query the AD. The current support is only for MS Active Directory.
2.It supports querying of groups from AD for the specified user


PM-1430 has been filed for "LDAP support - Tivoli Directory Server for endpoint group based policies." , which essentially requests support for LDAP referencing on the Endpoint when AD User Groups is in use. There is currently no target version set. Please contact your Account Manager or PM for consideration. You can also contact support to see if a target version has been set.