search cancel

Can Endpoint AD User Groups Go Against An LDAP Server ?


Article ID: 160680


Updated On:


Data Loss Prevention Endpoint Prevent


Can the Active Directory ( AD ) User Group Lookup go against an LDAP Server instead of going against AD ?


In general, Endpoint can not access LDAP Servers when setup when AD User Groups are used.
This is due to the way the AD User Group resolution is performed. The Endpoint does not use LDAP but the ADSI API to access the local AD resources.

In detail:

1.The current solution on the endpoint uses ADSI API to query the AD. The current support is only for MS Active Directory.
2.It supports querying of groups from AD for the specified user

PM-1430 has been filed for "LDAP support - Tivoli Directory Server for endpoint group based policies." , which essentially requests support for LDAP referencing on the Endpoint when AD User Groups is in use. There is currently no target version set. Please contact your Account Manager or PM for consideration. You can also contact support to see if a target version has been set.