Product guide
EE LDAP Server User/Group Synchronization
Make sure you use the correct user attribute format in the EE LDAP Server User/Group
Synchronization task. Match the correct user attributes in the fields.
Figure 3-4 EE LDAP Server User/Group Synchronization
Username
The value of this field determines the form of the PBA username. For example, if the username value
is set to samaccountname, the user has to provide the samaccountname at the PBA and EE Windows
Logon pages.
Display Name
The value of this field decides the form of the username displayed in ePolicy Orchestrator (Menu |
Reporting | Queries | Endpoint Encryption | EE: Users and Menu | Data Protection | Encryption Users | Actions | Endpoint
Encryption | View Users) pages. For example, if the username attribute is set to samaccountname and
Display Name attribute is set to userprincipalname, the username appears as name
(paul)@domain.com.
If the Display name attribute is set to userprincipalname, the username appears as name
(paul)@mcafee.com whereas the user will be allowed to log on with the name value name (paul).
(This can be different depending on the attribute selected in the username field and value of the
attribute set in the LDAP).
Account Control
This attribute checks for the status of the user, for example, if the user is enabled or disabled on the
LDAP server.
Make sure to select the useraccountcontrol attribute in the Account Control field. Attributes other than
this do not activate EEPC on the client.
3
Software configuration and policies
EE LDAP Server User/Group Synchronization
16
McAfee Endpoint Encryption for PC 6.2 Software Best Practices Guide