Live LDAP attributes not populating


Article ID: 160719


Updated On:


Data Loss Prevention Enforce


The Live LDAP plugin is configured with the correct credentials, but the attributes are still not populating.


The Live LDAP configuration appears correct and the credentials can be used with an LDAP browser to find the information that should be populating into the incidents. However, the Live LDAP attributes are not getting populated.  One possible cause is a duplication of information in the basedn value and the individual query lines.

In the LDAP configuration, there is a variable "basedn".   This is prepended to all LDAP query lines in the files. 

If part or all of the "basedn" value is also used in the LDAP query in a line, the duplication in the query will cause the LDAP query to fail and not return the expected results.

For instance, in the following condensed example of the file


## --------- Vontu Live LDAP Plugin -----------------
#  This is the property file for Live LDAP Lookup plugin

## --------- LDAP Server Connection Parameters ------
servername = server.test.lab
port = 389
basedn = DC=test,DC=lab
authtype = simple
username = test\\Administrator
password = test

attr.First\ Name = cn=users:(email=$sender-email$):firstName
attr.Last\ Name = DC=test,DC=lab,cn=users:(email=$sender-email$):lastName


The query for attr.First\ Name will return with the value populated correctly.  Only the cn=users was added to the basedn to create the complete query value for the LDAP request. The query string would look like:


The query for attr.Last\ Name will return a null value.  Notice that the value of basedn was duplicated in the query section.  The query string would look like:


The duplication of the basedn value causes the LDAP query to fail.