Looking up a user's manager's manager using the LDAP lookup plug-in


Article ID: 184620


Data Loss Prevention Enforce


Is it possible to look up information about a user's manager's manager in incidents using the LDAP lookup plug-in?


The user's manager ID is defined by the following attribute:

attr.TempManager =:(|(mail=$sender-email$)(sAMAccountName=$file-owner$)(sAMAccountName=$endpoint-user-name$)(sAMAccountName=$HTTPUserName$)):manager

Note: This is an example; the query you need may differ depending on your organization's AD attribute lexicon. The attribute name (attr.TempManager) can be anything.

Using this attribute's value, retrieve the ID of the manager's manager with the query below:

attr.TempMgrLvl2= :(distinguishedname=$TempManager$):manager

Then, using the value of that manager's ID, the plug-in can look up any other attributes needed.

For example:

attr.Manager2\ First\ Name =:(distinguishedname=$TempMgrLvl2$):givenName

attr.Manager2\ Last\ Name =:(distinguishedname=$TempMgrLvl2$):sn

attr.Manager2\ Email =:(distinguishedName=$TempMgrLvl2$):mail

attr.Manager2\ Title =:(distinguishedName=$TempMgrLvl2$):title

attr.Manager2\ Department =:(distinguishedName=$TempMgrLvl2$):department

attr.Manager2\ Phone =:(distinguishedName=$TempMgrLvl2$):telephoneNumber

The 6 (example) attributes above have to be mapped in the Enforce console under System->Users->Attributes so that they are reflected later in incident details.
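
Added example (not part of the original article and not the plug-in's own code): a small offline simulation of the chained lookup, useful for reasoning about the order of the mappings and about the case where the manager has no manager. The directory entries are constructed, and two behaviours are assumptions of this sketch rather than documented plug-in behaviour: substituted values are escaped per RFC 4515 (a DN such as "CN=Roe\, Rick" contains a backslash), and unset incident variables are treated as empty.

```python
import re

# Constructed sample directory (DN -> attributes); not real data.
DIRECTORY = {
    r"CN=Doe\, Jane,OU=Staff,DC=example,DC=com": {
        "mail": "jane.doe@example.com", "sAMAccountName": "jdoe",
        "manager": r"CN=Roe\, Rick,OU=Staff,DC=example,DC=com"},
    r"CN=Roe\, Rick,OU=Staff,DC=example,DC=com": {
        "mail": "rick.roe@example.com", "sAMAccountName": "rroe",
        "manager": "CN=Chief,OU=Staff,DC=example,DC=com"},
    "CN=Chief,OU=Staff,DC=example,DC=com": {
        "mail": "chief@example.com", "sAMAccountName": "chief",
        "givenName": "Casey", "sn": "Chief"},
}

# Mapping lines copied from the article (four of the eight).
MAPPINGS = r"""
attr.TempManager =:(|(mail=$sender-email$)(sAMAccountName=$file-owner$)(sAMAccountName=$endpoint-user-name$)(sAMAccountName=$HTTPUserName$)):manager
attr.TempMgrLvl2= :(distinguishedname=$TempManager$):manager
attr.Manager2\ First\ Name =:(distinguishedname=$TempMgrLvl2$):givenName
attr.Manager2\ Email =:(distinguishedName=$TempMgrLvl2$):mail
"""

def escape(value):
    # RFC 4515: backslash, '*', '(', ')' and NUL become \XX in a filter value.
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def search(ldap_filter, want):
    """Evaluate a single equality or flat (|...) filter against DIRECTORY."""
    terms = [(a.lower(), re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m[1], 16)), v).lower())
             for a, v in re.findall(r"\(([\w-]+)=([^()]*)\)", ldap_filter)]
    for dn, attrs in DIRECTORY.items():
        entry = {k.lower(): v.lower() for k, v in attrs.items()}
        entry["distinguishedname"] = dn.lower()
        if any(v and entry.get(a) == v for a, v in terms):  # empty value never matches
            return attrs.get(want, "")
    return ""

def resolve(incident):
    """Apply the mappings in order; each result feeds later $variables$."""
    ctx = dict(incident)
    for line in filter(None, map(str.strip, MAPPINGS.splitlines())):
        name, rest = line.split("=", 1)
        # The search base before the first ':' is empty in every mapping here.
        ldap_filter, want = rest.strip().lstrip(":").rsplit(":", 1)
        ldap_filter = re.sub(r"\$([^$]+)\$", lambda m: escape(ctx.get(m[1], "")), ldap_filter)
        ctx[name.strip()[5:].replace("\\ ", " ")] = search(ldap_filter, want)
    return ctx
```

Calling resolve({"sender-email": "jane.doe@example.com"}) yields the second-level manager's attributes, while a sender whose manager has no manager entry ends with empty Manager2 values.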