Does Live LDAP Lookup support Secure LDAP / LDAPS?
Symantec Data Loss Prevention
Article ID: 160055
Data Loss Prevention Enforce
Can Live LDAP Lookup authenticate through secure LDAP (636/tcp instead of 389/tcp)?
DLP 15.1 and later
We can set up the LDAP connection for the lookup plugin to use a secure LDAP connection on port 636. To set up the secure LDAP connection, we need to import the AD certificate into the cacerts keystore on the Enforce Server. Also see the Enforce console help on how to make a secure connection: search for SSL, then select "Importing SSL certificates to Enforce or Discover servers" from the help file menu.
You will have to get the AD certificate for the server that you are connecting to in your LDAP lookup plugin configuration. Note: Get the AD certificate for whichever host you are connecting to.
You will need to import this certificate into the Enforce cacerts keystore. See the Enforce help file on importing the certificate into the Enforce cacerts keystore; the steps are also listed below:
1. Copy the certificate file you want to import to the Enforce Server.
2. Change directory to the JRE bin directory on the Enforce Server or Discover Server computer:
   - For DLP 15.1-15.7: C:\Program Files\Symantec\DataLossPrevention\ServerJRE\1.8.0_202\bin
   - For DLP 15.8 and newer: C:\Program Files\AdoptOpenJRE\jdk8u262-b10-jre\bin
3. Execute the keytool utility with the -importcert option to import the public key certificate to the Enforce Server cacerts keystore:
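The import procedure above as a PowerShell session, added here as an example and not taken from the original article. The certificate file name and alias are hypothetical, and the cacerts location assumes the standard Java 8 JRE layout (lib\security\cacerts beside bin); the script prints the certificate fingerprints for comparison against the AD server's certificate and backs up the keystore before changing it.

```powershell
# Added example. $JreBin is the DLP 15.8+ path from the article; for DLP 15.1-15.7 use
# 'C:\Program Files\Symantec\DataLossPrevention\ServerJRE\1.8.0_202\bin' instead.
$JreBin   = 'C:\Program Files\AdoptOpenJRE\jdk8u262-b10-jre\bin'
$CertFile = 'C:\Temp\ad-ldaps.cer'   # hypothetical: certificate copied to the Enforce Server
$Alias    = 'ad-ldaps'               # hypothetical: any alias not already in the keystore

$Keytool = Join-Path $JreBin 'keytool.exe'
# Assumption: standard JRE layout, cacerts lives in lib\security next to bin.
$CaCerts = Join-Path (Split-Path $JreBin -Parent) 'lib\security\cacerts'

foreach ($path in $Keytool, $CaCerts, $CertFile) {
    if (-not (Test-Path -LiteralPath $path)) { throw "Not found: $path" }
}

# 1. Print subject, issuer, validity dates and fingerprints. Compare the SHA-256
#    fingerprint with the one shown on the AD server before trusting the file.
& $Keytool -printcert -file $CertFile
if ($LASTEXITCODE -ne 0) { throw 'keytool -printcert failed: not a readable certificate' }

# 2. Back up the keystore so the change can be rolled back.
$Backup = "$CaCerts.bak-$(Get-Date -Format 'yyyyMMddHHmmss')"
Copy-Item -LiteralPath $CaCerts -Destination $Backup -ErrorAction Stop
Write-Host "Keystore backed up to $Backup"

# 3. Import the certificate. -storepass and -noprompt are left out on purpose:
#    keytool asks for the keystore password and for confirmation of the fingerprint.
& $Keytool -importcert -alias $Alias -file $CertFile -keystore $CaCerts
if ($LASTEXITCODE -ne 0) { throw 'keytool -importcert failed; keystore left as backed up' }

# 4. Confirm the entry is present and is a trusted certificate entry.
& $Keytool -list -v -alias $Alias -keystore $CaCerts
if ($LASTEXITCODE -ne 0) { throw "Alias '$Alias' not found after import" }
```

Run it from an elevated PowerShell prompt, since the keystore sits under Program Files.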