Live LDAP attributes not populating

book

Article ID: 160719

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

The Live LDAP plugin is configured with the correct credentials, but the attributes are still not populating.

Resolution

The Live LDAP configuration appears correct and the credentials can be used with an LDAP browser to find the information that should be populating into the incidents. However, the Live LDAP attributes are not getting populated.  One possible cause is a duplication of information in the basedn value and the individual query lines.

In the LDAP configuration LiveLDAPLookup.properties, there is a variable "basedn".   This is prepended to all LDAP query lines in the files. 

If part or all of the "basedn" value is also used in the LDAP query in a line, the duplication in the query will cause the LDAP query to fail and not return the expected results.

For instance, in the following condensed example of the file LiveLDAPLookup.properties:

-----------------------------------------------------------------------------------------------------------------------------

## --------- Vontu Live LDAP Plugin -----------------
#
#  This is the property file for Live LDAP Lookup plugin

## --------- LDAP Server Connection Parameters ------
#
servername = server.test.lab
port = 389
basedn = DC=test,DC=lab
authtype = simple
username = test\\Administrator
password = test

attr.First\ Name = cn=users:(email=$sender-email$):firstName
attr.Last\ Name = DC=test,DC=lab,cn=users:(email=$sender-email$):lastName

------------------------------------------------------------------------------------------------------------------------------

The query for attr.First\ Name will return with the value populated correctly.  Only the cn=users was added to the basedn to create the complete query value for the LDAP request. The query string would look like:

DC=test,DC=lab,cn=users

The query for attr.Last\ Name will return a null value.  Notice that the value of basedn was duplicated in the query section.  The query string would look like:

DC=test,DC=lab,DC=test,DC=lab,cn=users

The duplication of the basedn value causes the LDAP query to fail.