HOW TO: Enable Directory Synchronization - Symantec Encryption Management Server


Article ID: 180239


Updated On:


Encryption Management Server Gateway Email Encryption




This article provides step-by-step instructions on how to enable and configure Directory Synchronization on Symantec Encryption Management Server (previously PGP Universal Server).

Directory Synchronization allows you to assign different user policies to specific internal user groups. When Directory Synchronization is in use, internal users come only from the directory you specify when you enable it. During enrollment, a user who exists in the directory is added to the system as an internal user and placed in the policy that corresponds to their user account; a user who does not exist in the directory is not enrolled as an internal user.

Symantec Encryption Management Server (SEMS) supports LDAPv2, LDAPv3, and LDAPS. You can use any of a number of directories with Symantec Encryption Management Server, although directories that more closely conform to the OpenLDAP or X.500 standards work best.

TIP: Symantec recommends using LDAPS for secure LDAP connectivity. A simple bind over plain LDAP sends the Bind DN passphrase across the network unencrypted, so LDAPS should be used wherever the domain controller supports it. When using plain LDAP, the IP address of the domain controller is accepted; when using LDAPS, you must use the FQDN of the DC, because the certificate the DC presents is validated against the name you configure, and connections to an IP address will fail. See article for more information.

Enable LDAP Directory Synchronization

  1. Log into the SEMS administrative interface.
  2. Click Consumers and then select Directory Synchronization.
  3. Click Enable.
  4. Below LDAP Directories, click Add LDAP Directory.
  5. Type a Name and select a Type of LDAP directory.

The LDAP directory types include:

  • Active Directory
  • OpenLDAP (RFC 1274)

  6. Type an appropriate value in the Bind DN field. This is the distinguished name of the account SEMS uses to bind (log in) to the directory server; the permissions granted to that account apply for the duration of the connection, so use a dedicated service account with read-only access to the user subtree rather than an administrative account.
  7. Enter the Passphrase of the Bind DN account.
  8. Enter the Hostname of your LDAP server. For LDAPS this must be the FQDN of the domain controller, as it appears on the DC's certificate, not its IP address.
  9. Enter the Port of your LDAP server. By default the LDAP port is 389; the default LDAPS port is 636.

    Note: Click the Test Connection button to verify that SEMS can connect to the LDAP server and bind with the credentials you entered.
  10. Base Distinguished Names - Enter or browse for the Base DN of your domain. SEMS searches for users beneath this entry, so choose the narrowest subtree that still contains all users you want enrolled.
  11. Consumer Matching Rules - SEMS can match a consumer's enrollment username to this LDAP Directory using a regular expression.
  12. Click Save.
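The console's Test Connection button only tells you that a connection failed, not why. The script below is an added example, not part of the Symantec article or the SEMS product, for checking the same Hostname, Port, Bind DN and Base DN values from a shell before you type them into the console. It enforces the TIP above (LDAPS needs the DC's FQDN, not an IP literal) in ldap_uri, shows the DC certificate's subject and SAN so a name mismatch is visible, and performs the same simple bind the console performs. It assumes ldapsearch (OpenLDAP client tools) and openssl are installed; dc01.example.com, the service-account DN and the base DN are placeholders.

```shell
#!/bin/sh
# Added example (not from the Symantec article): pre-flight checks for the
# values entered under Consumers > Directory Synchronization > Add LDAP Directory.
# Hostnames and DNs used in the "run" section are placeholders.
set -u

# Return 0 when $1 is a dotted-quad IPv4 literal (what the article says will
# fail with LDAPS), 1 otherwise. Subshell body keeps IFS and $@ changes local.
is_ipv4_literal() (
  case "$1" in
    ''|*[!0-9.]*) exit 1 ;;
  esac
  IFS=.
  set -- $1
  [ $# -eq 4 ] || exit 1
  for octet in "$@"; do
    [ -n "$octet" ] && [ "$octet" -le 255 ] || exit 1
  done
  exit 0
)

# Build the URI from the console's Type/Hostname/Port fields.
#   $1 = ldap | ldaps, $2 = hostname, $3 = port (optional; 389 / 636 by default)
# Rejects an IP literal for ldaps, since the DC certificate is checked
# against the name and the SEMS connection would fail anyway.
ldap_uri() (
  scheme=$1 host=$2 port=${3:-}
  case "$scheme" in
    ldap)  port=${port:-389} ;;
    ldaps)
      port=${port:-636}
      if is_ipv4_literal "$host"; then
        echo "ldap_uri: LDAPS needs the DC's FQDN, not an IP literal ($host)" >&2
        exit 1
      fi ;;
    *) echo "ldap_uri: unknown scheme '$scheme'" >&2; exit 2 ;;
  esac
  printf '%s://%s:%s\n' "$scheme" "$host" "$port"
)

# Show what the DC's certificate is actually issued for; compare the CN / SAN
# list with the FQDN you intend to enter as Hostname.
#   $1 = FQDN, $2 = port
check_ldaps_cert() {
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
    | openssl x509 -noout -subject -ext subjectAltName
}

# Equivalent of the console's Test Connection: a simple bind as the Bind DN,
# then a base-scope search for the Base DN entry. -W prompts for the
# passphrase instead of -w, which would expose it in the process list.
#   $1 = URI, $2 = Bind DN, $3 = Base DN
test_bind() {
  ldapsearch -x -H "$1" -D "$2" -W -b "$3" -s base dn
}

# Usage: sh ldap_precheck.sh run   (placeholder values; edit before use)
if [ "${1:-}" = "run" ]; then
  DC_FQDN=dc01.example.com
  BIND_DN='CN=svc-sems,OU=Service Accounts,DC=example,DC=com'
  BASE_DN='DC=example,DC=com'
  URI=$(ldap_uri ldaps "$DC_FQDN") || exit 1
  check_ldaps_cert "$DC_FQDN" 636
  test_bind "$URI" "$BIND_DN" "$BASE_DN"
fi
```

If test_bind succeeds here but Test Connection in the console still fails, the remaining differences are usually name resolution or certificate trust on the SEMS appliance itself rather than the directory settings.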