Looking up user's manager's manager using LDAP lookup plug-in.

book

Article ID: 184620

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

Is it possible to lookup for the user's manager's manager information in incidents using LDAP lookup plug-in?

Resolution

User's manager ID is defined by attribute:

attr.TempManager =:(|(mail=$sender-email$)(sAMAccountName=$file-owner$)(sAMAccountName=$endpoint-user-name$)(sAMAccountName=$HTTPUserName$)):manager

Note: this is an example, needed query may differ based on organization's AD attributes lexicon. Name of the attribute (attr.TempManager) can be any.
 

Using this attribute's value retrieve ID of manager's manager by below query:

attr.TempMgrLvl2= :(distinguishedname=$TempManager$):manager


Then using the value of the manager's ID  plug-in can look up for other attributes needed.

For example:

attr.Manager2\ First\ Name =:(distinguishedname=$TempMgrLvl2$):givenName

attr.Manager2\ Last\ Name =:(distinguishedname=$TempMgrLvl2$):sn

attr.Manager2\ Email =:(distinguishedName=$TempMgrLvl2$):mail

attr.Manager2\ Title =:(distinguishedName=$TempMgrLvl2$):title

attr.Manager2\ Department =:(distinguishedName=$TempMgrLvl2$):department

attr.Manager2\ Phone =:(distinguishedName=$TempMgrLvl2$):telephoneNumber


Above 6 (example) attributes have to be mapped in the Enforce console under System->Users->Attributes to be reflected later in incident details.