This article covers the process of integrating an LDAP Active Directory connection into Symantec Data Loss Prevention (DLP) 15.0 or above for the purpose of logging into Enforce with an AD account.
This is a different process for DLP 12.x and 14.x. See LDAP Active Directory Connection in Data Loss Prevention 14.x
The process for setting up AD user authentication in DLP changed in version 15.0. The configuration now takes place both in the Enforce UI and through manual edits to the springSecurityContext file.
In order to configure an LDAP AD Connection for Symantec DLP 15.0 and above, complete the following steps:
SymantecDLP\Protect\config on Windows or
The [libdefaults] section identifies the default domain. (Kerberos realms correspond to Active Directory domains.) The [realms] section defines an Active Directory server for each domain. In the example below, the Active Directory server for ENG.COMPANY.COM is acmeADserver.company.com. More than one server can be added, as needed.
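The following krb5.ini fragment is an added illustration of the two sections described above; it is not the article's own example. It uses the realm ENG.COMPANY.COM and the server acmeADserver.company.com from the text; the second kdc entry (acmeADserver2.company.com) is a hypothetical name included only to show how an additional server is listed.

```ini
; Added example krb5.ini (rename to krb5.conf on Linux for kinit).
; Kerberos realm names are written in upper case and map to AD domains.

[libdefaults]
    ; The default realm used when a principal is given without an @REALM suffix.
    default_realm = ENG.COMPANY.COM

[realms]
    ; One block per realm; each kdc line names an Active Directory domain controller.
    ENG.COMPANY.COM = {
        kdc = acmeADserver.company.com
        ; Hypothetical second server, listed to show that more than one can be added.
        kdc = acmeADserver2.company.com
    }
```

With the file in place, a domain account can be checked against the configured realm by requesting a ticket with kinit (for example `kinit someuser@ENG.COMPANY.COM`); a successful ticket grant confirms that the realm name and the kdc entries are resolvable and correct before Enforce is configured to use them.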
If you are running Symantec Data Loss Prevention on Linux, verify the Active Directory connection using the kinit utility. You must rename the krb5.ini file as krb5.conf. The kinit utility requires the file to be named krb5.conf on Linux. Symantec DLP assumes that you use kinit to verify the Active Directory connection, and directs you to rename the file as krb5.conf.