Adding or editing user directory server information

Administrator Help | Forcepoint DLP | Version 8.5.x

On the Settings > General > User Directories > Add/Edit directory server page in the Data Security module of the Forcepoint Security Manager:

Mark the Enabled check box to import user information from this directory server.

Enter or update the Name for the user directory server.

Select the Type of directory from the drop-down menu: Active Directory, Domino, or Comma Separated Value (CSV) file.

If you select Active Directory or Domino, see Using Active Directory or Domino.

If you select Comma Separated Value (CSV) file, see Using a CSV file.

Using a CSV file

If you selected Comma Separated Value (CSV) file, under Connection Settings:

Enter the Path to the CSV file containing the user directory entries in UNC format. For example, <\\SharedServer\Shared\Groups\Network\>.

Enter the User name and Password for an account with access to the path.

Click Test Connection to verify that Forcepoint DLP can access the path.

Click OK to save your changes.


	Important CSV files must use a specific format. Refer to Importing user entries from a CSV file for details.

Using Active Directory or Domino

If you selected Active Directory or Domino:

Under Connection Settings, enter the IP address or hostname and Port to use to connect to the user directory server.

Enter the User distinguished name and Password for an account with access to the directory server.

For Active Directory, the format "domain\username" is supported.

For Domino, use the format "CN=User, OU=Department, DC=DomainComponent,DC=com".

Optionally, enter the Root naming context that Forcepoint DLP should use to search for user information.

When entering a value, ensure that it is a valid context in the domain.

If the field is left blank, the system begins searching at the top level of the directory service.

Mark Use SSL encryption to connect to the directory server using Secure Sockets Layer (SSL) encryption.

Mark Follow referrals to have Forcepoint DLP follow server referrals, should they exist.

Referrals are an LDAP feature that provide the ability to build hierarchies of LDAP servers. Follow referrals with caution. If not set up properly, referred queries can take a long time and appear to be time-outs.

Click Test Connection verify that Forcepoint DLP can connect to the directory server.

Under Directory Usage, mark Get user attributes to retrieve user attributes from the directory server, then:

Enter the user Attributes to retrieve for all users (comma separated).

If the directory includes photo attributes, use the User's photo attribute to enter them in a comma-separated list. The default is thumnailPhoto.

If you do not want to display a photo of the user, leave this field blank.

If a photo does not exist for the user, an empty image displays.

Under Test Attributes, in the Sample email address field, enter a valid email address that can be used to test whether Forcepoint DLP can retrieve the configured attributes from the user directory server.

Click Test Attributes to retrieve user information.

Click OK to save your changes.


	Note If you change user directory settings at a later date, existing accounts become invalid unless you are pointing to an exact mirror of the user directory server. If the new server is not a mirror, you may not be able to distinguish between new and existing users.