DLP SecureLDAP for Directory Connections

Article ID: 246632


Products

Data Loss Prevention

Issue/Introduction

You need to use secure communication between the Enforce server and the AD server.

Resolution

All certificates for the AD server must be added to the Java cacerts file on the DLP Enforce server. The default location of that file is:

DRIVE:\PATH\TO\JAVA\lib\security\cacerts

The certs can be added with the Java keytool utility (included with Java in the bin directory) using the command below:

keytool -import -file /PATH/TO/CERTS/cert.cer -alias sldap_cert -keystore DRIVE:\PATH\TO\JAVA\lib\security\cacerts -storepass changeit

After adding all the certs, recycle the SymantecDLPManagerService and configure the AD connection to use sldap. See the screenshot below.
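The import and restart steps above as one PowerShell script, added here as an example and not taken from the original article. It gives each certificate its own alias (keytool rejects a second import under an alias that already exists, so the single sldap_cert alias only works for one cert) and confirms the entries before restarting the service. The certificate folder, the alias naming scheme and the backup copy are assumptions, and the DRIVE:\PATH\TO placeholders must be replaced with real paths.

```powershell
# Added example: import every AD certificate into the Enforce server's Java
# cacerts file, verify the result, then restart the DLP manager service.
# Run from an elevated PowerShell prompt on the Enforce server.

$JavaHome  = 'DRIVE:\PATH\TO\JAVA'     # placeholder from the article
$CertDir   = 'DRIVE:\PATH\TO\CERTS'    # assumption: folder holding the exported .cer files
$Keytool   = "$JavaHome\bin\keytool.exe"
$Keystore  = "$JavaHome\lib\security\cacerts"
$StorePass = 'changeit'                # store password used in the article's command

# Keep a copy of the trust store so a bad import can be rolled back (assumption).
$stamp = Get-Date -Format 'yyyyMMddHHmmss'
Copy-Item -Path $Keystore -Destination "$Keystore.$stamp.bak" -ErrorAction Stop

$aliases = @()
foreach ($cert in Get-ChildItem -Path $CertDir -Filter *.cer) {
    # One alias per certificate, derived from the file name (hypothetical scheme).
    $alias = "sldap_$($cert.BaseName)"
    $aliases += $alias

    # keytool -list -alias exits non-zero when the alias is not in the store.
    & $Keytool -list -keystore $Keystore -storepass $StorePass -alias $alias *> $null
    if ($LASTEXITCODE -eq 0) {
        Write-Host "Alias $alias already present, skipping $($cert.Name)"
        continue
    }

    & $Keytool -import -noprompt -file $cert.FullName -alias $alias `
        -keystore $Keystore -storepass $StorePass
    if ($LASTEXITCODE -ne 0) {
        throw "keytool failed to import $($cert.FullName)"
    }
}

# Confirm each alias is now in the store before touching the service.
foreach ($alias in $aliases) {
    & $Keytool -list -keystore $Keystore -storepass $StorePass -alias $alias
    if ($LASTEXITCODE -ne 0) {
        throw "Alias $alias is missing from $Keystore"
    }
}

# Recycle the service named in the article so the JVM reloads the trust store.
Restart-Service -Name 'SymantecDLPManagerService' -ErrorAction Stop
```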