How to Configure Live LDAP Lookup


Article ID: 160400

Products

Data Loss Prevention Enforce

Issue/Introduction

Configuration steps for setting up Live LDAP Lookup

Resolution

Purpose: Configuration steps for setting up Live LDAP Lookup.

Step 1 - Update Plugins.properties

\Vontu\Protect\config\Plugins.properties:

# Plugin Execution Chain.
# A comma-separated list of attribute lookup plug-ins to be executed in sequence.
# Example: com.vontu.lookup.script.ScriptLookup, com.vontu.lookup.xls.ExcelLookup, com.vontu.lookup.script.ScriptLookup
# This example will execute Script Lookup #1 -> ExcelLookup -> Script Lookup #2
# Even if there is only one plugin in the chain, it must be listed here.
com.vontu.plugins.execution.chain=com.vontu.lookup.liveldap.LiveLdapLookup
# Plugin JAR manifests to enable Live LDAP lookups -- Note: "Vontu Directory Classes" (directory.jar) must be specified to enable LDAP lookups
com.vontu.api.incident.attributes.AttributeLookup.plugins=Vontu Directory Classes,Vontu Live LDAP Lookup
# Live LDAP lookup configuration file
com.vontu.lookup.liveldap.LiveLdapLookup.properties = LiveLdapLookup.properties


Step 2 - Update LiveLdapLookup.properties

\Vontu\Protect\config\LiveLdapLookup.properties:

servername = <LDAPSERVERNAME> (e.g. oak.vontu.corp)
port = 389
basedn = <base distinguished name> (e.g. DC=vontu,DC=corp)
authtype = simple
username = <username with read access> (e.g. Vontu\<your Windows login>)
password = <password for that username>

You will also need to define Custom Attribute Mappings. Here is an example:

## ----- Custom Attribute Mappings ------------
#
#  In the following section custom attributes in the Vontu Enforce server can be assigned
#  an LDAP query.  The format for this mapping is the following:
#
#        attr.VontuCustomAttributeName = searchbase:(searchfilter=$variable$):ldapAttribute
#
#  If the VontuCustomAttributeName requires a space character you should escape it with a backslash.
#
#  You can assign queries to temporary variables and use those variables in subsequent
#  queries.  For example:
#               attr.TemporaryVariable = <query here>
#  This would declare a variable called TemporaryVariable.  The value stored in this variable can
#  be referenced using $Temporary$ in subsequent queries.
#
attr.Title = ou=Users:(mail=$sender-email$):title
attr.Telephone\ Number = ou=Users:(mail=$sender-email$):telephoneNumber
attr.Country = ou=Users:(mail=$sender-email$):c
attr.Department = ou=Users:(mail=$sender-email$):department
attr.Manager = ou=Users:(mail=$sender-email$):manager
attr.Manager\ Email = ou=Users:(distinguishedName=$Manager$):mail


The syntax of the attribute string is as follows:

Before the equal sign is 'attr.' followed by the name of the custom attribute as configured on the DLP Enforce server. The custom attribute names (e.g. 'attr.Title') MUST match custom attributes that already exist. Any spaces must be escaped with backslashes, as shown in the example above. Note that the complete string is case-sensitive, including the 'attr.' prefix as well as the attribute name.

After the equal sign, the first section (before the first colon) is the location in the LDAP tree where the search for this attribute will be performed ('ou=Users' in this example). If the search is to be performed from the base DN, omit this section entirely.

The second section (between the two colons) is the LDAP search filter. In this example, we are searching for any object whose 'mail' attribute matches the 'sender-email' variable retrieved from the incident.

The third section (after the last colon) is the LDAP attribute whose value will be retrieved and written into the DLP custom attribute.
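As an added example (not Symantec's or the plugin's own code), the following Python parses attr.* mapping lines in the format described above, runs the chain in file order so that the value resolved for $Manager$ feeds the Manager Email lookup, and escapes each substituted incident value per RFC 4515 so that a sender address containing filter metacharacters cannot change the meaning of the filter. The in-memory directory and the mapping lines are constructed sample data, and the lookup stub only understands single equality filters; the real plugin's internals may differ.

```python
import re

# attr.<Name> = [searchbase:](filterbody):ldapAttribute ; Name may contain "\ " escapes
MAPPING_RE = re.compile(r"^attr\.((?:\\ |[^\s=])+)\s*=\s*(?:([^:]*):)?\(([^)]*)\):(\S+)$")
VAR_RE = re.compile(r"\$([^$]+)\$")

def escape_filter_value(value):
    """RFC 4515 escaping so a substituted incident value cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)

def parse_mappings(text):
    """Return (custom attribute, searchbase, filter body, ldap attribute) in file order."""
    mappings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # comments and blank lines
        m = MAPPING_RE.match(line)
        if not m:
            raise ValueError("unrecognised mapping line: %r" % line)
        name, base, body, ldap_attr = m.groups()
        mappings.append((name.replace("\\ ", " "), base or "", body, ldap_attr))
    return mappings

def resolve(mappings, incident, lookup):
    """Run the chain in order; each resolved value becomes a $variable$ for later lines."""
    values = dict(incident)  # incident variables such as sender-email
    filters = {}
    for name, base, body, ldap_attr in mappings:
        def sub(m):
            if m.group(1) not in values:
                raise KeyError("%s: $%s$ is not defined yet" % (name, m.group(1)))
            return escape_filter_value(values[m.group(1)])
        filters[name] = "(" + VAR_RE.sub(sub, body) + ")"
        values[name] = lookup(base, filters[name], ldap_attr)
    return filters, values

# Constructed stand-in for the LDAP server: equality filters over two sample entries.
SAMPLE_DIRECTORY = [
    {"distinguishedName": "CN=Alice,OU=Users,DC=vontu,DC=corp", "mail": "alice@vontu.corp",
     "title": "Analyst", "manager": "CN=Bob,OU=Users,DC=vontu,DC=corp"},
    {"distinguishedName": "CN=Bob,OU=Users,DC=vontu,DC=corp", "mail": "bob@vontu.corp",
     "title": "Director", "manager": ""},
]
def sample_lookup(base, filter_str, ldap_attr):
    attr, _, value = filter_str[1:-1].partition("=")
    return next((e.get(ldap_attr, "") for e in SAMPLE_DIRECTORY if e.get(attr) == value), "")
SAMPLE_MAPPINGS = """attr.Title = ou=Users:(mail=$sender-email$):title
attr.Manager = ou=Users:(mail=$sender-email$):manager
attr.Manager\\ Email = ou=Users:(distinguishedName=$Manager$):mail"""
```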

Steps to follow once the properties files are updated:

1. Restart the Vontu Manager service on the Enforce server whenever Plugins.properties has been modified. (For version 10 and later, you must also restart the Vontu Incident Persister service.)
2. Navigate to the Custom Attributes page and click Reload Lookup Plug-ins. Make sure you get a green success message.
3. Navigate to an incident snapshot and click Lookup to retrieve custom attributes. Verify that the attribute values are populated.


NOTE: See TECH221332 for how to view LDAP output; this helps in deciding which attribute to map to.

Secondary NOTE: The type of Detection Server determines which parameters can be mapped.
The full mapping details can be found on page 14 of Symantec_DLP_11.5_Lookup_Plugin_Guide.pdf, or on page 991 of Symantec_DLP_11.6_Admin_Guide.pdf.

Applies To


The details in this technote apply to DLP versions earlier than 11.6.

In DLP 11.6, configuration of Lookup Plugins was moved to the UI.