EE LDAP Server User/Group Synchronization
Make sure you use the correct user attribute format in the EE LDAP Server User/Group
Synchronization task. Match the correct user attributes in the fields.
Figure 3-2 EE LDAP Server User/Group Synchronization
Username
The value of this field determines the form of the PBA username. For example, if the username value
is set to samaccountname, the user has to provide the samaccountname at the PreBoot
Authentication page.
Display Name
The value of this field determines the form of the username displayed in the ePolicy Orchestrator (Menu |
Reporting | Queries | Endpoint Encryption | EE: Users and Menu | Data Protection | Encryption Users | Actions | Endpoint
Encryption | View Users) pages. For example, if the Username attribute is set to samaccountname and
the Display Name attribute is set to userprincipalname, the username appears as name
(paul)@domain.com.
If the Display Name attribute is set to userprincipalname, the username appears as name
(paul)@mcafee.com, whereas the user is allowed to log on with the name value name (paul).
(This can differ depending on the attribute selected in the Username field and the value of that
attribute set in LDAP.)
If the attribute used for Username or Display Name has no value set in the LDAP server for a user,
Endpoint Encryption uses the distinguished name attribute for that particular object.
Account Control
This attribute checks the status of the user, for example, whether the user is enabled or disabled on the
LDAP server.
User Certificate
The User Certificate attribute is used by the McAfee ePO Server to determine which certificate should
be sent from ePolicy Orchestrator to the client, for example, for smartcard tokens. It is better to clear this
attribute when you use the Password only token. Setting this attribute can accumulate a large amount
of certificate data in the ePO database and impact LDAP performance; therefore, you can remove the
certificate query from EE LDAP Server User/Group Synchronization while using the Password only
token.
After changing the attribute value for any of the fields, run the EE LDAP Server User/Group
Synchronization task to make sure the ePolicy Orchestrator database is updated with
the new values.
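The following is an added example, not part of the McAfee guide or product code: a Python pre-sync audit that models the mapping behaviour described above (distinguished name fallback when a mapped attribute is unset, disabled-account status, and certificate volume under a Password only token). The sample entries are constructed, the field names in `MAPPING` are hypothetical, and `useraccountcontrol` with its disabled flag 0x2 assumes an Active Directory server.

```python
ACCOUNTDISABLE = 0x0002  # Active Directory userAccountControl "disabled" bit (assumed AD)

# Hypothetical mapping mirroring the four fields of the synchronization task.
MAPPING = {"username": "samaccountname", "display_name": "userprincipalname",
           "account_control": "useraccountcontrol", "user_certificate": "usercertificate"}

# Constructed sample entries (attribute names lower-cased); not real directory data.
ENTRIES = [
    {"dn": "CN=Paul,OU=Staff,DC=example,DC=com", "samaccountname": "paul",
     "userprincipalname": "paul@example.com", "useraccountcontrol": 512,
     "usercertificate": [b"\x30" * 1200]},
    {"dn": "CN=Svc Backup,OU=Service,DC=example,DC=com", "useraccountcontrol": 514},
    {"dn": "CN=Ana,OU=Staff,DC=example,DC=com", "samaccountname": "ana",
     "useraccountcontrol": 512},
]

def resolve(entry, field, mapping=MAPPING):
    """Return (value, fell_back); the DN is used when the mapped attribute is unset."""
    value = entry.get(mapping[field])
    if value in (None, "", []):
        return entry["dn"], True
    return value, False

def audit(entries, mapping=MAPPING, password_only_token=True):
    """Summarise what a sync with this mapping would store for each entry."""
    report = {"dn_fallback": [], "disabled": [], "cert_bytes": 0, "users": []}
    cert_attr = mapping.get("user_certificate")
    for e in entries:
        username, u_fb = resolve(e, "username", mapping)
        display, d_fb = resolve(e, "display_name", mapping)
        if u_fb or d_fb:
            # These users would get a DN as PBA username and/or display name.
            report["dn_fallback"].append(e["dn"])
        if int(e.get(mapping["account_control"], 0)) & ACCOUNTDISABLE:
            report["disabled"].append(e["dn"])
        if cert_attr:
            report["cert_bytes"] += sum(len(c) for c in e.get(cert_attr, []))
        report["users"].append({"pba_username": username, "display_name": display})
    # With a Password only token, a certificate mapping only adds data to the database.
    report["clear_certificate_mapping"] = bool(password_only_token and cert_attr)
    return report

if __name__ == "__main__":
    for key, value in audit(ENTRIES).items():
        print(key, "=", value)
```

Users listed under `dn_fallback` are the ones to fix in the directory, or to cover with a different attribute choice, before running the synchronization task.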
Software configuration and policies
McAfee Endpoint Encryption 7.0 Patch 1 Software Best Practices Guide