PGP Desktop LDAP Enterprise Enrollment



Similar documents
Using LDAP Authentication in a PowerCenter Domain

Field Description Example. IP address of your DNS server. It is used to resolve fully qualified domain names

VERALAB LDAP Configuration Guide

Insight Video Net. LLC. CMS 2.0. Quick Installation Guide

Configuring and Using the TMM with LDAP / Active Directory

How To Take Advantage Of Active Directory Support In Groupwise 2014

Configuring Sponsor Authentication

Active Directory Integration

LDAP and Active Directory Guide

Click Studios. Passwordstate. Installation Instructions

Here, we will discuss step-by-step procedure for enabling LDAP Authentication.

Summary. How-To: Active Directory Integration. April, 2006

Setting up LDAP settings for LiveCycle Workflow Business Activity Monitor

Quality Center LDAP Guide

How to Logon with Domain Credentials to a Server in a Workgroup

Click Studios. Passwordstate. Installation Instructions

Upgrading User-ID. Tech Note PAN-OS , Palo Alto Networks, Inc.

Integrating Webalo with LDAP or Active Directory

Egnyte Single Sign-On (SSO) Configuration for Active Directory Federation Services (ADFS)

LDAP Implementation AP561x KVM Switches. All content in this presentation is protected 2008 American Power Conversion Corporation

User guide. Business

Weston Public Schools Virtual Desktop Access Instructions

Use the below instructions to configure your wireless settings to connect to the secure wireless network using Microsoft Windows Vista/7.

Hosted Microsoft Exchange Client Setup & Guide Book

Skyward LDAP Launch Kit Table of Contents

NSi Mobile Installation Guide. Version 6.2

How to Remotely Access the SSSW K: Drive

LDAP / SSO Authentication

Section 4 Application Description - LDAP

LDAP Server Configuration Example

RMS Cloud - Setup Instructions for Windows Computers

Svn.spamsvn110. QuickStart Guide to Authentication. WebTitan Version 5

Windows XP Exchange Client Installation Instructions

User Management Tool 1.6

Quickstart guide to Authentication

Trend Micro Worry-Free Remote Manager Agent Installation Guide

How To Use Libap With A Libap Server With A Mft Command Center And Internet Server

TrueEdit Remote Connection Brief

Using etoken for Securing s Using Outlook and Outlook Express

Preparing for GO!Enterprise MDM On-Demand Service

How to Access Coast Wi-Fi

Contents. VPN Instructions. VPN Instructions... 1

ShareFile On-Demand Sync can be installed via EXE or MSI. Both installation types can be downloaded from

LDAP Directory Integration with Cisco Unity Connection

Windows 98 Workstation Install

Application Note. ShoreTel 9: Active Directory Integration. Integration checklist. AN June 2009

Kepware Technologies Remote OPC DA Quick Start Guide (DCOM)

WHITE PAPER Citrix Secure Gateway Startup Guide

Hosted Microsoft Exchange Client Setup & Guide Book

LDAP User Guide PowerSchool Premier 5.1 Student Information System

Instructions: Configuring Outlook 2003 with Exchange 2010 on the FIUMail

Sophos UTM Web Application Firewall for Microsoft Exchange connectivity

Alcatel-Lucent Extended Communication Server Active directory synchronization : installation and administration

Yale Software Library

SonicOS Enhanced 3.2 LDAP Integration with Microsoft Active Directory and Novell edirectory Support

PriveonLabs Research. Cisco Security Agent Protection Series:

Siteminder Integration Guide

Using LDAP with Sentry Firmware and Sentry Power Manager (SPM)

Introduction. Versions Used Windows Server 2003

How to Connect to Remote Desktop & How to Use Cisco AnyConnect Secure Mobility Client Secure VPN Connection

This means that any user from the testing domain can now logon to Cognos 8 (and therefore Controller 8 etc.).

How To Create An Easybelle History Database On A Microsoft Powerbook (Windows)

SchoolBooking SSO Integration Guide

Step-by-Step Guide to Setup Instant Messaging (IM) Workspace Datasheet

Test Case 3 Active Directory Integration

Integrating LANGuardian with Active Directory

Installation Steps on Desktop Clients

Windows 7 Hula POS Server Installation Guide

SchoolBooking LDAP Integration Guide

SSL VPN Portal Options

Tenrox and Microsoft Dynamics CRM Integration Guide

Nexio Insight LDAP Synchronization Service

How To Authenticate On An Xtma On A Pc Or Mac Or Ipad (For A Mac) On A Network With A Password Protected (For An Ipad) On An Ipa Or Ipa (For Mac) With A Log

How to connect to the diamonds wireless network with Vista.

Password Manager Windows Desktop Client

How To Authenticate An Ssl Vpn With Libap On A Safeprocess On A Libp Server On A Fortigate On A Pc Or Ipad On A Ipad Or Ipa On A Macbook Or Ipod On A Network

Configuring User Identification via Active Directory

BlackShield ID. QUICKStart Guide. Integrating Active Directory Lightweight Services

Backing up IMail Server using Altaro Backup FS

Use Enterprise SSO as the Credential Server for Protected Sites

How to Configure Terminal Services for Pro-Watch in Remote Administration Mode (Windows 2000)

VERITAS Backup Exec 9.1 for Windows Servers Quick Installation Guide

How to Use Remote Access Using Internet Explorer

Connecting to LRDC Fileserver Remotely Using Windows XP & SRemote VPN

IPedge Feature Desc. 5/25/12

Configuration Guide. BES12 Cloud

Tufts VPN Client User Guide for Windows

Your Question. Net Report Answer

Case Closed Installation and Setup

UC Express Quick Start Guide

Adeptia Suite LDAP Integration Guide

Basic Exchange Setup Guide

User Management Guide

ThinManager and Active Directory

Cisco TelePresence Authenticating Cisco VCS Accounts Using LDAP

WirelessOffice Administrator LDAP/Active Directory Support

USER GUIDE. Lightweight Directory Access Protocol (LDAP) Schoolwires Centricity

Installing and Setting up Microsoft DNS Server

Quick Scan Features Setup Guide

Transcription:

PGP Desktop LDAP Enterprise Enrollment This document provides a technical, experiential, and chronological overview of PGP Desktop s LDAP enterprise enrollment process. Each step of the enrollment process is highlighted in bold, and includes a detailed explanation. If you just want an overview, you can simply read the bold statement that begins each step or sub-step. All paths, filenames, and other special details are offset in a contrasting font with gray text, as in the following example: %APPDATA%\PGP Corporation\PGP 1. PGP Desktop is installed. Although the actual enrollment process does not technically begin when PGP Desktop is installed, the following install-time events (1a 1b) will facilitate various steps essential to the enrollment process, and are included for completeness: a. A shortcut to PGPtray.exe is placed in the All Users startup directory. This shortcut will cause the PGP Setup Assistant to be launched automatically after the next Windows logon. Following is the full path and name of this shortcut file: %ALLUSERSPROFILE%\Start Menu\Programs\Startup\PGPtray.exe.lnk Following is the full path and name of the program that will be launched after the next Windows logon: %PROGRAMFILES%\PGP Corporation\PGP Desktop\PGPtray.exe

b. A null-terminated string called PGPSTAMP is created in the Windows registry. The value of PGPSTAMP comprises, among other things, the fully qualified domain name of the PGP Universal Server from which this PGP Desktop installation will request policy. This value is also known as PGP Desktop s binding (i.e. PGP Desktop is bound to the PGP Universal Server specified in this string). Following is the full path and name of this null-terminated string in the registry: HKEY_LOCAL_MACHINE\SOFTWARE\PGP Corporation\PGP\PGPSTAMP Following is an example PGPSTAMP value. Note that ovid is the name of the PGP Universal Server to which PGP Desktop is bound. So in this example, PGP Desktop is bound to the keys.example.com PGP Universal Server: ovid=keys.example.com&mail=mail-01&admin=1 2. The computer is rebooted. This is a necessary step because after installation PGP Desktop cannot be used until the computer is rebooted. 3. The user logs on to Windows and PGPtray.exe is executed. The following noteworthy events (3a 3c) occur during this step: a. PGP Desktop synchronizes with its PGP Universal Server. During this brief step, PGP Desktop announces its protocol version and asks PGP Universal Server for the enrollment type (email or LDAP) by sending a GetCapabilitiesRequest message. The server responds with the enrollment type and the connection is closed. This, and all other client-server communication during enrollment, occurs via SOAP over HTTPS on port 443. b. If configured, the PGP Desktop padlock appears in the system tray. This event depends on whether the option Show PGP Desktop in system tray/menu was enabled in the user policy for this PGP Desktop installer. Following is a screenshot of the padlock icon as it appears in the Windows system tray: c. The PGP Setup Assistant launches. When the enrollment type is LDAP, the user is first prompted for their domain authentication credentials (as in the following screenshot):

4. The user authenticates. This step consists of the user typing his or her domain user name and password in the appropriate fields and clicking the Next > button, after which the following noteworthy events (4a 4c) occur: a. PGP Desktop sends the user s credentials to its PGP Universal Server. During this step, PGP Desktop also announces its version number (e.g. 9.5.3.5003) to PGP Universal Server, and displays the following dialog on top of the PGP Setup Assistant:

b. PGP Universal Server verifies the user s credentials. To accomplish this task, PGP Universal Server authenticates to the LDAP directory as the enrolling user. This process is described in detail below. PGP Universal Server first binds to the LDAP directory using the credentials specified in its Directory Synchronization settings (Policy > Internal User Policy), then requests the value of the distinguished name attribute ( dn ) for the enrolling user. Depending on how Directory Synchronization is configured, this query is accompanied with a filter for either Active Directory or OpenLDAP (RFC 1274) directories. Following are examples of these filters, where pgpuser is the user name provided by the enrolling user: Active Directory filter: (samaccountname=pgpuser) OpenLDAP (RFC 1274) filter: (uid=pgpuser) The directory server then responds with the value of the user s dn attribute, which typically looks something like this example: CN=pgpuser,CN=Users,DC=example,DC=com PGP Universal Server closes the connection to the LDAP directory, then initiates a new connection and binds with the distinguished name and password of the enrolling user. When this is successful, PGP Universal Server once again closes the connection to the LDAP directory and the user is considered authenticated. c. PGP Universal Server assigns the user to an internal user policy. In order to complete this step, PGP Universal Server must gather more information about the enrolling user from the LDAP directory. As a result, PGP Universal Server queries the LDAP directory for the values of the following attributes: mail proxyaddresses (Active Directory only) cn samaccountname (Active Directory only) After querying for the above attributes, PGP Universal Server will query for any custom attributes specified by the administrator in the internal user policies.

NOTE: If custom attributes have been specified, the user will be assigned to the first internal user policy for which they have a matching attribute/value. As a result, PGP Universal Server administrators should use unique attributes/values such that users cannot match more than one internal user policy. Finally, PGP Universal Server queries for the following attribute: usercertificate;binary If a verified X.509 certificate is returned by this query, PGP Universal Server imports it as the user s key. This will place the user in client key mode (CKM) because PGP Universal Server will only have a public key for the user. At this point, PGP Universal Server updates the internal_user table in its database with the information gathered in this step. The user is now allowed to continue the PGP Setup Assistant. Note that, in its entirety, step four takes approximately two seconds. 5. The user is allowed to complete the PGP Setup Assistant. The remaining steps will vary based on the internal user policy settings configured by the PGP Universal Server administrator. Below is a summarized list of the requirements for successful LDAP enrollment with PGP Desktop. Required Attributes The following directory attributes must be defined, and have a value, in order for LDAP enrollment with PGP Desktop to be successful. Note that Microsoft Active Directory 2000/2003 with Exchange Server will have all required attributes, while other directory/mail server combinations may not. uid or samaccountname (interchangeable) dn (this will exist if the user exists) mail or proxyaddresses (interchangeable) cn (for the user s display name in PGP Universal Server) Optional Attributes Any custom attributes specified in internal user policies.

usercertificate;binary Password Requirement The enrolling user cannot have a null password in the directory. This is a security feature of PGP Desktop, and allows PGP Universal Server to verify the user s authentication credentials as a part of the enrollment process.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information