SafebootMEE
Level 9

EEPC LDAP Server User/Group Synchronization

Can someone explain the engineering on this feature? I assume that it does at least these functions:

1. Uses LDAP attributes to check for any changes or updates and synchronizes to the ePO database.

2. Checks if the LDAP account is disabled and synchronizes the information to the database so that the appropriate security measure(s) can occur on the EEPC protected systems.

3. Synchronizes AD groups/memberships.

When configuring properties for the EEPC LDAP Server User/Group Synchronization task I can contact LDAP and choose attributes. Do I have to contact the LDAP server to do this or can I just manually type the attributes in the required fields? As long as the server task is successful it does not matter, correct? What log file should I look at to check for any errors for this task? What if I cannot contact the LDAP server to choose attributes but the EEPC LDAP Server User/Group Synchronization task is successful (the registered LDAP server connection test is also successful)? Will AD integration still work properly?

0 Kudos
13 Replies
peter_eepc
Level 15

Re: EEPC LDAP Server User/Group Synchronization

You can use default values if they suit your needs. Clicking on the triple-dot button does not connect to the LDAP server but gives you options to choose from. That is NOT a complete or actual list of attributes from your LDAP server. You can type in any other attribute name.

If you run that server task, it shows the server task log. If you click on the recent log line, it displays log details.

Running just a connection test is not sufficient.

You can try to use the EEPC add users to systems function to verify the information EEPC LDAP Server collected.

0 Kudos
SafebootMEE
Level 9

Re: EEPC LDAP Server User/Group Synchronization

Ok, clicking on the triple dot does not connect to my LDAP server and this is not an actual attribute list from my LDAP server. Why do I get the 'Unable to connect to LDAP server' error message when clicking on the triple dot? The EEPC LDAP Server User/Group Synchronization task completed successfully.

Is this error something I should ignore and just test adding EEPC users for EEPC LDAP server functionality?

0 Kudos
peter_eepc
Level 15

Re: EEPC LDAP Server User/Group Synchronization

What details did you get in the server task log?

0 Kudos
SafebootMEE
Level 9

Re: EEPC LDAP Server User/Group Synchronization

5/19/10 10:44:27 AM  Started: Synchronizing LDAP information for [LDAP Servername omitted].
5/19/10 10:44:27 AM  Started: Checking for unreferenced groups
5/19/10 10:44:27 AM  Completed: Checking for unreferenced groups
5/19/10 10:44:27 AM  Started: Adding recursive groups
5/19/10 10:44:27 AM  Completed: Adding recursive groups
5/19/10 10:44:27 AM  Started: Synchronizing groups
5/19/10 10:44:27 AM  Completed: Synchronizing groups
5/19/10 10:44:27 AM  Started: Checking for unreferenced users
5/19/10 10:44:27 AM  Completed: Checking for unreferenced users
5/19/10 10:44:27 AM  Started: Synchronizing users
5/19/10 10:44:27 AM  Completed: Synchronizing users
5/19/10 10:44:27 AM  Completed: Synchronizing LDAP information for [LDAP Servername omitted]. (Endpoint Encryption LDAP Server User/Group Synchonization task)


I do not have any EEPC users or groups assigned to any of my systems.

0 Kudos
peter_eepc
Level 15

Re: EEPC LDAP Server User/Group Synchronization

No errors seem to be there. If you try in ePO to "Menu" -> "Data Protection" -> "Encryption Users" -> select system -> "Actions" -> "Endpoint Encryption" -> "Add Users" -> click the + button beside "Users" and start browsing navigation. Do you see any users that you can explicitly add to your system?

0 Kudos
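The by-eye check of the server task log in the posts above can be scripted when the log is longer. This is an added example, not part of the thread and not McAfee code: it pairs each "Started" step with its "Completed" line and surfaces anything else. The function names and the sample lines are made up for illustration, and since the thread shows only "Started"/"Completed" lines, any other line layout is treated as unknown and reported rather than interpreted.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the server task log quoted in this thread;
# "[server]" and the unfinished last step are placeholders made up for the example.
SAMPLE_LOG = """\
5/19/10 10:44:27 AMStarted: Synchronizing LDAP information for [server].
5/19/10 10:44:27 AMStarted: Checking for unreferenced groups
5/19/10 10:44:27 AMCompleted: Checking for unreferenced groups
5/19/10 10:44:28 AMStarted: Synchronizing groups
5/19/10 10:44:28 AMCompleted: Synchronizing groups
5/19/10 10:44:29 AMStarted: Synchronizing users
"""

LINE_RE = re.compile(
    r"^(\d{1,2}/\d{1,2}/\d{2} \d{1,2}:\d{2}:\d{2} [AP]M)\s*"  # timestamp, fused or spaced
    r"(Started|Completed): (.+?)\s*$"
)

def parse_line(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    when = datetime.strptime(m.group(1), "%m/%d/%y %I:%M:%S %p")
    # The closing line of the task carries a trailing "(... task)" suffix; drop it.
    step = re.sub(r"\s*\([^()]*task\)$", "", m.group(3)).rstrip(".")
    return when, m.group(2), step

def audit(log_text):
    """Return (unfinished, unparsed): steps Started but never Completed, and odd lines."""
    open_steps, unparsed = {}, []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        parsed = parse_line(raw)
        if parsed is None:
            unparsed.append(raw)  # error text or a layout this parser does not know
            continue
        when, state, step = parsed
        if state == "Started":
            open_steps[step] = when
        elif open_steps.pop(step, None) is None:
            unparsed.append(raw)  # Completed without a matching Started
    return sorted(open_steps), unparsed

if __name__ == "__main__":
    unfinished, unparsed = audit(SAMPLE_LOG)
    print("unfinished steps:", unfinished)
    print("unrecognised lines:", unparsed)
```

An empty result for both lists only says every logged step closed; as noted earlier in the thread, confirming that users were actually collected still needs the "Add Users" browse check.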
SafebootMEE
Level 9

Re: EEPC LDAP Server User/Group Synchronization

Yes. I can see and add users without any problems.

I am worried that user attributes will not synchronize because I get the error.

0 Kudos
peter_eepc
Level 15

Re: EEPC LDAP Server User/Group Synchronization

Do you have your LDAP server "registered" in ePO?

0 Kudos
SafebootMEE
Level 9

Re: EEPC LDAP Server User/Group Synchronization

Yes, and I have a successful connection reported by the Test button.

0 Kudos
peter_eepc
Level 15

Re: EEPC LDAP Server User/Group Synchronization

Maybe a bug in the version that you are testing... Was the registered LDAP server deleted and the registration recreated?

Fixed in 6.1 (not 6.0.1):

------------------------------------

On deleting an AD from the registered server page, corresponding EE LDAP Server User/Group Synchronization task does not get deleted and clicking on attributes in corresponding EE LDAP Server User/Group Synchronization task displays an error.

0 Kudos