I'm hoping someone might be able to shed some light on this issue I am having. I'm almost 99% sure that this has not happened before and I have done about 20 installations of Endpoint Encryption in a variety of different companies.
Right, here's the problem.
I have a connector set up to pull users from the customer's LDAP (Netware) server and put them in a group called Laptop Users. This works perfectly fine without errors.
Now the customer wanted himself and a couple of others to be in the Administrators group as they will be setting up a couple of user groups to assign to different groups of machines. This way the IT staff always have access to all machines.
So I have moved the 4 Users from the Laptop users group and popped them into the Admins group. Now they stay there right up until the connector runs on its schedule and it dumps them back into the Laptop group.
Customer is running 5502. We have tested it with 5600 build as well but the same is happening.
I hope someone can help as I'm sure this has not happened elsewhere.
You need to sit down with someone and discuss, I think.
The connector will add users it finds and "connect" them to their directory counterparts. It won't take over users that other connectors have added, or that you've added manually - though you can "glue" an existing user to one, or more connectors.
So, you can't give users in EEM a different property set than their connector wants - it will just put them back when it runs. You need to either teach the connector with rules so it does that for you, or disconnect those users from that connector.
If you have multiple directories and user name overlap, that's a situation no meta-directory supports. The first connector to create the user will do so, all others will give you an error saying the user already exists.
If someone has time could they check the 5600 Build for me to see if they get the same as we were experiencing yesterday? The sites that had the reception user were working as you stated. The second connector to run gave the error that the user already existed. However, when we changed to 5600 build the reception user was moving dependent on which connector ran last.
Here is how I've set up the Admin/User connection. I have one AD Connector configured as follows:
Connector -> General -> Search Groups
    cn=Laptop Users,ou=Groups,dc=corp,dc=mydomain,dc=com
    cn=McAfee EE Admins,ou=Groups,dc=corp,dc=mydomain,dc=com
Connector -> Group Mappings
    Endpoint Encryption Group: Admins
    Directory Service Attribute: memberOf
    Attribute Value: cn=McAfee EE Admins,ou=Groups,dc=corp,dc=mydomain,dc=com
    If NO mapping Exists: Use The Group: Users - Default
Folks that are members of the Admins group are put in the Admins group, all other users are dumped into the Users - Default group. To date it's worked flawlessly.
Of course, since you're not using AD you'll need to just find a new way to configure the one Group Mapping above, but I'm sure there is some other parameter you can use. If you're on eDirectory, I think it might even still be called memberOf, but any LDAP browser will help you there.
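The mapping rule discussed in this thread, modelled as an added example that is not part of any post above and is not McAfee Endpoint Encryption code: it previews which users a connector run would move, so a manually promoted admin who lacks the directory group shows up before the sync reverts them. The function names, the sample entries and the case-insensitive DN comparison are assumptions of this sketch.

```python
# Added illustration: a model of the group-mapping rule, not product code.
# All function names and sample data below are hypothetical/constructed.
ADMIN_DN = "cn=McAfee EE Admins,ou=Groups,dc=corp,dc=mydomain,dc=com"
LAPTOP_DN = "cn=Laptop Users,ou=Groups,dc=corp,dc=mydomain,dc=com"
MAPPINGS = [("memberOf", ADMIN_DN, "Admins")]  # (attribute, value, EE group)
DEFAULT_GROUP = "Users - Default"              # the "If NO mapping exists" group

def norm_dn(dn):
    """Normalise a DN for comparison (assumed: case-insensitive, spaces
    around separators ignored; escaped commas are not handled here)."""
    parts = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        parts.append(attr.strip().lower() + "=" + value.strip().lower())
    return ",".join(parts)

def target_group(entry):
    """Return the EE group the mapping rules select for one directory entry."""
    for attr, wanted, group in MAPPINGS:
        values = entry.get(attr, [])
        if isinstance(values, str):            # single-valued attribute
            values = [values]
        if any(norm_dn(v) == norm_dn(wanted) for v in values):
            return group
    return DEFAULT_GROUP

def preview_sync(entries, current_groups):
    """List (user, current, target) for every user a sync run would move."""
    moves = []
    for entry in entries:
        user, target = entry["cn"], target_group(entry)
        current = current_groups.get(user)
        if current != target:
            moves.append((user, current, target))
    return moves

# Constructed sample directory entries and current EE group placement.
SAMPLE_ENTRIES = [
    {"cn": "alice", "memberOf": [LAPTOP_DN,
        "CN=McAfee EE Admins, OU=Groups, DC=corp, DC=mydomain, DC=com"]},
    {"cn": "bob", "memberOf": LAPTOP_DN},      # moved to Admins by hand only
    {"cn": "carol"},                           # no memberOf values at all
]
SAMPLE_CURRENT = {"alice": "Admins", "bob": "Admins", "carol": DEFAULT_GROUP}

if __name__ == "__main__":
    for user, current, target in preview_sync(SAMPLE_ENTRIES, SAMPLE_CURRENT):
        print(f"{user}: {current} -> {target}")
```

Any user the preview reports as leaving Admins holds that role only through a manual move, which is the placement the connector undoes on its next scheduled run.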