McAfee Data Loss Prevention 9.2.2 Product Guide

13Managing McAfee DLP systemsAdding servers to McAfee DLP systems12 Select the SSL checkbox to encrypt the connection and enable LDAPS (LDAP over SSL).A secure connection is not required, but is strongly recommended. Accept any available certificate,or select one by uploading it. If you upload, you must find the FQDN name of the authorizationserver in the encrypted file by logging on to the back end of the McAfee DLP appliance and runningthe following.# openssl x509 ‐noout ‐in .cer ‐subjectThe FQDN will be returned in reverse order:subject= /DC=net/DC=reconnex/CN=tycheRead from left to right to get the name of the authorization server:tyche.reconnex.netType the name into the Authorization Server field.13 Select a Scope to set the directory depth to be accessed on the server.14 Click Apply.Add Active Directory or OpenLDAP usersLDAP user accounts can be retrieved from the directory server, or account credentials can be addedthrough McAfee DLP Manager.Before you beginNew LDAP users must be assigned to existing domains.Although user accounts can be added directly through McAfee DLP Manager, existing user accountsneed not be added to the system. The system retrieves users automatically, and starts detectingincidents through existing accounts.Task1 Select one of these options:• In ePolicy Orchestrator, select Menu | Data Loss Prevention | DLP Sys Config | User Administration | Users.• On your McAfee DLP appliance, select System | User Administration | Users.2 From the Actions menu, select Create LDAP User.The Add New LDAP User page appears.3 Add or retrieve users is one of the following ways.• Type in a known Login ID or User Name.• Type in an asterisk (*) to retrieve a list of all users on the server.• Use an asterisk (*) as a metacharacter to retrieve related users (for example, R* or *st*).4 Click Find.5 Select one or more users from the list.264 McAfee Data Loss Prevention 9.2.2 Product Guide