Data Loss Prevention

  • 1.  DLP 11.6 LiveLdapLookup

    Posted Oct 05, 2012 10:05 AM

    Hi

    I am trying to enrich custom attributes by using the LiveLdapLookup. Pressing the Lookup button results in a green bar, but no custom attribute is enriched.

    I put all the information as new LDAP Plugin in the GUI.

    In previous versions I have done this with success, but never with 11.6.

    My attribute mappings are:

    attr.telephoneNumber = DC=area51,DC=e3ag,DC=net:(email=$sender-email$):telephoneNumber
    attr.userPrincipalName = DC=area51,DC=e3ag,DC=net:(email=$sender-email$):userPrincipalName

    My connection to the AD is successful, the custom attributes are written correctly, and in AD I have values defined.

    Doing the same search with other tools returns the correct user, so the query part should be OK.

    Is there anybody here who has used this new way of defining plugins in 11.6 and is using the LiveLdapLookup plugin?

    Many thanks in advance for any help

    Kind regards

    Patrick, Switzerland



  • 2.  RE: DLP 11.6 LiveLdapLookup

    Broadcom Employee
    Posted Oct 06, 2012 10:56 AM

    I think you need to define the Object Container on your search base.

    According to your current configuration:

    attr.userPrincipalName = DC=area51,DC=e3ag,DC=net:(email=$sender-email$):userPrincipalName

    I think you need to change it to:

    attr.userPrincipalName = DC=area51,DC=e3ag,DC=net,CN=users:(email=$sender-email$):userPrincipalName



  • 3.  RE: DLP 11.6 LiveLdapLookup

    Posted Oct 08, 2012 08:39 AM

    I am having issues now also. Everything worked pre 11.6 and now all of my custom attributes are broken. I have a case open with Symantec now but it is not going smoothly.



  • 4.  RE: DLP 11.6 LiveLdapLookup

    Trusted Advisor
    Posted Oct 08, 2012 02:51 PM

    Patrick,

    I am not sure if you understand how the lookup works.

    attr.userPrincipalName means that you have a Custom Attribute in the UI called userPrincipalName; I doubt that this is the case.

    The attr.XXX is equal to the Custom Attribute name in your UI. THIS IS CASE SENSITIVE. Here is a typical one that I use.

    Set your basedn in the Directory Connection to: DC=e3ag,DC=net

    Then in the following lines change the dc=domain to DC=area51. This should get you there.


    attr.Sender\ Email = dc=domain:(|(mail=$sender-email$)(sAMAccountName=$file-owner$)(sAMAccountName=$endpoint-user-name$)):mail
    attr.First\ Name = dc=domain:(|(mail=$sender-email$)(sAMAccountName=$file-owner$)(sAMAccountName=$endpoint-user-name$)):givenName
    attr.Last\ Name = dc=domain:(|(mail=$sender-email$)(sAMAccountName=$file-owner$)(sAMAccountName=$endpoint-user-name$)):sn
    attr.Department = dc=domain:(|(mail=$sender-email$)(sAMAccountName=$file-owner$)(sAMAccountName=$endpoint-user-name$)):department
    attr.Title = dc=domain:(|(mail=$sender-email$)(sAMAccountName=$file-owner$)(sAMAccountName=$endpoint-user-name$)):title
    attr.Phone = dc=domain:(|(mail=$sender-email$)(sAMAccountName=$file-owner$)(sAMAccountName=$endpoint-user-name$)):telephoneNumber
    attr.Location = dc=domain:(|(mail=$sender-email$)(sAMAccountName=$file-owner$)(sAMAccountName=$endpoint-user-name$)):l
    attr.TempMgrDn = dc=domain:(|(mail=$sender-email$)(sAMAccountName=$file-owner$)(sAMAccountName=$endpoint-user-name$)):manager
    attr.Manager\ Email = dc=domain:(distinguishedname=$TempMgrDn$):mail
    attr.Manager\ First\ Name = dc=domain:(distinguishedname=$TempMgrDn$):givenName
    attr.Manager\ Last\ Name = dc=domain:(distinguishedname=$TempMgrDn$):sn
    attr.Manager\ Title = dc=domain:(distinguishedname=$TempMgrDn$):title
    attr.Manager\ Phone = dc=domain:(distinguishedname=$TempMgrDn$):telephoneNumber
    attr.Manager\ Office = dc=domain:(distinguishedname=$TempMgrDn$):physicalDeliveryOfficeName



  • 5.  RE: DLP 11.6 LiveLdapLookup

    Trusted Advisor
    Posted Oct 08, 2012 04:41 PM

    Patrick,

    If this works for you, call it solved please.
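
Reply 4's rule that the name after `attr.` must match a custom attribute in the UI exactly, including case, can be checked mechanically before the mappings go into the plugin. The sketch below is an added example, not part of the thread and not Symantec code; the `lint` function, the `UI_ATTRIBUTES` list, and the rule that a non-built-in `$variable$` must be filled by an earlier line are assumptions made for illustration.

```python
import re

# Mapping line shape as used in this thread:
#   attr.<Custom Attribute Name> = <search base>:(<LDAP filter>):<LDAP attribute>
LINE = re.compile(r"^attr\.(?P<name>(?:\\ |[^\s=])+)\s*=\s*(?P<base>[^:]+):"
                  r"(?P<filter>\(.*\)):(?P<ldap>[\w-]+)$")
VAR = re.compile(r"\$([^$]+)\$")
# Lookup variables that appear in the thread; assumed to be supplied by DLP itself.
BUILTIN = {"sender-email", "file-owner", "endpoint-user-name"}

def lint(mapping_text, ui_attributes):
    """Return (line_no, message) findings for a block of attr.* mapping lines."""
    findings, defined = [], set()
    by_lower = {a.lower(): a for a in ui_attributes}
    for no, raw in enumerate(mapping_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.match(line)
        if not m:
            findings.append((no, "not in attr.NAME = base:(filter):attribute form"))
            continue
        name = m["name"].replace("\\ ", " ")   # "\ " escapes a space in the name
        if name not in ui_attributes:
            near = by_lower.get(name.lower())
            findings.append((no, f"'{name}' differs only in case from '{near}'" if near
                             else f"no custom attribute named '{name}'"))
        for var in VAR.findall(m["filter"]):
            # Assumption: a non-built-in variable must be filled by an earlier line.
            if var not in BUILTIN and var not in defined:
                findings.append((no, f"${var}$ is used before any line defines it"))
        defined.add(name)
    return findings

# Constructed sample: two lines from the thread plus two deliberately broken ones.
SAMPLE = r"""
attr.userPrincipalName = DC=area51,DC=e3ag,DC=net:(email=$sender-email$):userPrincipalName
attr.manager\ email = dc=domain:(distinguishedname=$TempMgrDn$):mail
attr.TempMgrDn = dc=domain:(mail=$sender-email$):manager
attr.Manager\ Phone = dc=domain:(distinguishedname=$TempMgrDn$):telephoneNumber
"""
UI_ATTRIBUTES = {"Manager Email", "Manager Phone", "TempMgrDn"}  # hypothetical UI list

if __name__ == "__main__":
    for no, msg in lint(SAMPLE, UI_ATTRIBUTES):
        print(f"line {no}: {msg}")
```

A mapping that fails this check can produce the symptom from the first post: the lookup reports success but the incident shows no enriched values.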