How do you enable LDAP lookup for multiple products?

book

Article ID: 160762

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

How do you enable lookups for attributes like "First Name" or "Business Unit" from LDAP across multiple products? 

Resolution

Relevant versions:  7.x and up

Since you need to use different keys when searching LDAP based upon the incident type, such as $sender-email$ for DIM and $file-owner$ for DAR, enabling lookups for attributes from LDAP across multiple products can prove to be a challenge.

There is a way to accomplish this by creating an "or" type relationship within the LDAP query strings in the LiveLdapLookup.properties file, like this:

(|(email=$sender-email$)(sAMAccountName=$file-owner$)(sAMAccountName=$endpoint-user-name$))

You only need one line per attribute, which prevents the second from overwriting the first. Simply make sure all three of those variables are enabled to be passed in by defining the attribute set properly in the Plugins.properties file (located in the \Vontu\Protect\config directory).

NOTE:

Make sure you enable the correct parameters in the Plugins.properties file:

com.vontu.api.incident.attributes.AttributeLookup.parameters = sender, message

"sender" enables sender-email and endpoint-user-name. "message" enables file-owner.

NOTE:  See the V9 Lookup Plugin Guide for more detailed information on configuring the parameters for Plugins.