Product guide
User Certificate
The User Certificate attribute is used by the McAfee ePO Server to determine which certificate should
be sent from ePolicy Orchestrator to the client, for example, smartcard tokens. It is better to clear this
attribute when you use the Password only token. Setting this attribute can accumulate large amount
of certificate data in the ePO database and impact LDAP performance; therefore, you can remove the
certificate query from EE LDAP Server User/Group Synchronization while using the Password only token.
If the attribute value used for username or Display Name is not set in the LDAP server for any user,
EEPC uses the attribute distinguished name for that particular object.
After changing the attribute value for any of the fields, the EE LDAP Server User/Group
Synchronization task needs to be run, to make sure the ePolicy Orchestrator database is updated with
the new values.
EE LDAP Server User/Group Synchronization task log
The administrator can also view a log of this particular server task by double clicking the particular
server task on the Server Task Log page in ePolicy Orchestrator. This log displays only high level
information about the users, groups or OUs, and not the detailed log; however, when an LDAP user
assigned to EE: Users is deleted/disabled from the LDAP server, then the EE LDAP Server User/Group
Synchronization task log shows the user information of the removed user account.
Figure 3-5 Server Task Log
Software configuration and policies
EE LDAP Server User/Group Synchronization
3
McAfee Endpoint Encryption for PC 6.2 Software Best Practices Guide
17