This article details using Directory Synchronization with LDAP enrollment for Encryption Desktop clients with Symantec Encryption Management Server (previously PGP Universal Server).
Directory Synchronization allows you to assign consumers to a specific consumer group based on their membership in a specified LDAP directory, or based on matching directory attributes you specify.
Enabling Directory Synchronization allows you to do multiple things:
Note: Users can be enrolled with the server through Directory Synchronization using either LDAP directory enrollment or email enrollment. If you do not select Enroll clients using directory authentication in the Directory Synchronization settings, users enroll via email enrollment.
When using LDAP directory enrollment, clients enroll by authenticating against an LDAP directory such as Active Directory. LDAP enrollment requires certain attributes in the directory in order to bind the client to the SEMS.
With LDAP enrollment, users are prompted for only their domain user name and password to enroll the client.
Note: Make sure that TCP port 443 (HTTPS) is open between the client computer and the server. Clients use this port to retrieve policy information and encryption keys from SEMS, and enrollment fails if port 443 is unreachable.
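The following pre-enrollment check is an added example; it is not Symantec/Broadcom code and is not part of the original article. It verifies the two things above that a client needs before LDAP enrollment can succeed: that SEMS is reachable on port 443, and that the directory accepts the user's domain credentials, which it tests with a bare LDAPv3 simple bind over LDAPS, hand-encoded in BER so the message encoding and decoding can be exercised offline. The host names, the LDAPS port 636, and the use of the user principal name as the bind name are assumptions for illustration; the article does not name the directory attributes SEMS maps, so that check is left to the linked articles.

```python
"""Pre-flight checks for LDAP directory enrollment of Encryption Desktop clients.

Added example, not Symantec/Broadcom code. The host names, the LDAPS port
(636) and the bind name form below are assumptions to edit for your site.
"""
from __future__ import annotations

import socket
import ssl


def tcp_reachable(host: str, port: int = 443, timeout: float = 3.0) -> bool:
    """True if a TCP connection to host:port completes within timeout.

    Clients fetch policy and keys from SEMS over 443, so a failure here means
    enrollment fails before any directory authentication is attempted.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


# ---- LDAPv3 simple bind (RFC 4511), hand-encoded in BER so it runs offline ----

def _ber_len(n: int) -> bytes:
    """Definite-form length: one byte below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(value)) + value


def _int(n: int) -> bytes:
    """INTEGER/ENUMERATED content for 0 <= n < 128 (all this script needs)."""
    assert 0 <= n < 0x80
    return bytes([n])


def bind_request(message_id: int, name: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple pw } }."""
    bind = (
        _tlv(0x02, _int(3))                        # version INTEGER 3
        + _tlv(0x04, name.encode("utf-8"))         # name LDAPDN (OCTET STRING)
        + _tlv(0x80, password.encode("utf-8"))     # authentication [0] simple
    )
    op = _tlv(0x60, bind)                          # BindRequest = [APPLICATION 0]
    return _tlv(0x30, _tlv(0x02, _int(message_id)) + op)


def bind_response(message_id: int, result_code: int, diag: str = "") -> bytes:
    """The directory's reply: BindResponse = [APPLICATION 1] (used for tests)."""
    resp = (
        _tlv(0x0A, _int(result_code))              # resultCode ENUMERATED
        + _tlv(0x04, b"")                          # matchedDN
        + _tlv(0x04, diag.encode("utf-8"))         # diagnosticMessage
    )
    return _tlv(0x30, _tlv(0x02, _int(message_id)) + _tlv(0x61, resp))


def _read_tlv(buf: bytes, pos: int) -> tuple[int, bytes, int]:
    """Parse one TLV at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                              # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(buf: bytes) -> tuple[int, int, str]:
    """Return (messageID, resultCode, diagnosticMessage).

    resultCode 0 = success; 49 = invalidCredentials (wrong password, or a
    name form the directory does not accept for simple bind).
    """
    tag, msg, _ = _read_tlv(buf, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = _read_tlv(msg, 0)
    tag, op, _ = _read_tlv(msg, pos)
    if tag != 0x61:
        raise ValueError(f"expected BindResponse (0x61), got 0x{tag:02x}")
    _, code, pos = _read_tlv(op, 0)
    _, _, pos = _read_tlv(op, pos)                 # matchedDN, not needed here
    _, diag, _ = _read_tlv(op, pos)
    return int.from_bytes(mid, "big"), int.from_bytes(code, "big"), diag.decode("utf-8", "replace")


def ldaps_simple_bind(host: str, name: str, password: str,
                      port: int = 636, timeout: float = 5.0) -> tuple[int, str]:
    """Bind with the user's own credentials over LDAPS; return (resultCode, diag).

    The default SSL context verifies the directory's certificate. Do not turn
    verification off to "make it work": the bind carries a cleartext password
    inside the TLS session.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw, \
            ctx.wrap_socket(raw, server_hostname=host) as tls:
        tls.sendall(bind_request(1, name, password))
        reply = tls.recv(4096)                     # a BindResponse is a few dozen bytes
        _, code, diag = parse_bind_response(reply)
        tls.sendall(_tlv(0x30, _tlv(0x02, _int(2)) + bytes([0x42, 0x00])))  # UnbindRequest
        return code, diag


if __name__ == "__main__":
    import getpass
    # Placeholder hosts (assumptions): replace with your SEMS and domain controller.
    print("SEMS 443 reachable:", tcp_reachable("keys.example.com"))
    upn = input("UPN (user@example.com): ")       # AD accepts a UPN as the bind name
    code, diag = ldaps_simple_bind("dc01.example.com", upn, getpass.getpass())
    print("bind resultCode:", code, diag)
```

Run it from the client machine (or a host on the same network segment) before enabling LDAP enrollment: a False from the 443 check, or a resultCode of 49 from the bind, points at the network path or the credentials rather than at the SEMS configuration.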
The following articles detail how to configure Directory Synchronization using LDAP directory enrollment:
Enable Directory Synchronization
Enable Directory Authentication to Enroll Clients
User Principal Name for Directory Synchronization
Troubleshooting: Client Enrollment