Unable to log in with accounts that are members of the AD user group. Accounts have to be added manually to allow login instead of being managed via AD groups.
Release : 15.8
Component : Enforce
SEVERE [com.vontu.enforce.domainlayer.datauser.source.DataUserSyncTask] User Synchronization failed:
Cause:
org.springframework.ldap.PartialResultException:
nested exception is javax.naming.PartialResultException
[Root exception is javax.naming.CommunicationException:
simple bind failed: DomainDnsZones.<domainName>:636
[Root exception is javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException:
No subject alternative DNS name matching DomainDnsZones.<domainName> found.]]
Taken from the DLP Install Guide:
The latest JRE improves LDAP security. However, the improved security may cause the SSL connection to Microsoft
Active Directory to fail. If this occurs, add the following key to your SymantecDLPManager.conf file, then restart the
Enforce Server:
wrapper.java.additional.30=-Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true
If this setting is disabled, and secure LDAP is required for User Indexing, the index will fail.
The solution is to add the line wrapper.java.additional.30=-Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true to the SymantecDLPManager.conf file, then restart the Enforce Server service.
The log above shows why this is needed: the LDAPS bind was redirected to DomainDnsZones.<domainName>, and the domain controller certificate carries no subject alternative DNS name for that host, so the JRE's hostname verification rejects the TLS handshake. Note that the property switches off that hostname verification for all JNDI LDAP connections made by the Enforce Server, not just the one to the referral host.
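As an added check (not code from the article or from the product), the Python script below reproduces the hostname verification that the JRE performs before accepting the LDAPS certificate: it pulls the bind target out of the error line and tests it against the certificate's SAN dNSName entries, approximating the RFC 6125 wildcard rules. The log line, the domain corp.example.com and the SAN list are constructed sample data.

```python
import re
from typing import Iterable, List, Optional, Tuple

# Constructed sample of the Enforce error line, with a made-up domain name.
LOG_LINE = "simple bind failed: DomainDnsZones.corp.example.com:636"
# Constructed SAN dNSName entries of a typical domain-controller certificate.
DC_CERT_SAN = ["dc01.corp.example.com", "corp.example.com"]


def bind_target(log_line: str) -> Optional[Tuple[str, int]]:
    """Extract the host and port the JNDI client tried to bind to."""
    m = re.search(r"simple bind failed: ([^\s:]+):(\d+)", log_line)
    return (m.group(1), int(m.group(2))) if m else None


def san_name_matches(pattern: str, hostname: str) -> bool:
    """Compare one SAN dNSName with one hostname the way endpoint
    identification does: case-insensitive, and a wildcard is accepted only
    as the entire left-most label, matching exactly one label."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False  # partial-label wildcards and *.tld are rejected
    return (len(p_labels) == len(h_labels) and h_labels[0] != ""
            and p_labels[1:] == h_labels[1:])


def matching_san_names(hostname: str, san_dns_names: Iterable[str]) -> List[str]:
    """Return the SAN entries that would satisfy verification for hostname."""
    return [n for n in san_dns_names if san_name_matches(n, hostname)]


def diagnose(log_line: str, san_dns_names: Iterable[str]) -> str:
    """Explain whether the bind target in the log is covered by the SAN list."""
    san = list(san_dns_names)
    target = bind_target(log_line)
    if target is None:
        return "no bind target found in log line"
    host, port = target
    hits = matching_san_names(host, san)
    if hits:
        return f"{host}:{port} is covered by SAN {hits[0]}; look elsewhere for the failure"
    return (f"{host}:{port} is not covered by any SAN entry {san}; "
            "this is the 'No subject alternative DNS name matching' failure")


if __name__ == "__main__":
    print(diagnose(LOG_LINE, DC_CERT_SAN))
```

With the sample data the script reports that DomainDnsZones.corp.example.com is not covered, which is the condition the article's error describes; a certificate whose SAN included that name or a matching wildcard would pass without disabling endpoint identification.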