Search for answers or browse our knowledge base.
Configuring LDAP Lookup Plugins in Symantec DLP 15.5+
To configure one or more LDAP Lookup Plugins, need to follow the below procedure steps.
| # | Description |
| 1 | Add directory connections from System > Settings > Directory Connections a) Confirm Authentication test is successful b) Go to Index Settings tab, complete rebuilding the index (MUST be completed at least once) c) Go to Index and Replication Status – confirm information is populated with version number and date etc. |
| 2 | Create custom attributes: (say)Employee Info———————TitleNamePhoneEmailOffice Location Business Info——————DivisionDepartment |
| 3 | Create a LDAP plug-in a) Configure Lookup Parameters b) Modify Lookup Plugin Chain to enable the plugin c) Reload plugin each time any modification is made |
| 4 | Test Lookup |
It is important to understand the User Objects in Active Directory Users and Computers and their corresponding LDAP mappings. LADP mapping attributes may differ for different versions of AD schema. See the Microsoft artile for User Object User Interface Mapping.
Reference:
https://docs.microsoft.com/en-us/windows/desktop/ad/user-object-user-interface-mapping
You may need to run a powershell command to find all properties of the user with samAccountName and collerate attributes mapping. For example, you want see all properties of the user BobJones in your AD. Try the following command in powershell: PS C:> Get-ADUser BobJones -Properties *
Reference:
Say you want to display the following Attributes and here’s the steps are needed:
| Attributes | As per Microsoft KB | Use Get-ADUser (your env) |
| Business Division | company | company |
| Business Department | department | department |
| Employee Title | title | businessCategory |
| Employee Name | displayName | displayName |
| Employee Phone | telephoneNumber | mobile |
| Employee Email | E-mail-Addresses | |
| Employee Office Location | physicalDeliveryOfficeName | office |
So the attribute will look like below:
attr.Name=:(|(sAMAccountName=$endpoint-user-name$)(sAMAccountName=$file-owner$)):displayName
attr.Office Location=:(|(sAMAccountName=$endpoint-user-name$)(sAMAccountName=$file-owner$)):office
attr.Office Phone=:(|(sAMAccountName=$endpoint-user-name$)(sAMAccountName=$file-owner$)):mobile
attr.Email=:(|(sAMAccountName=$endpoint-user-name$)(sAMAccountName=$file-owner$)):mail
attr.Division=:(|(sAMAccountName=$endpoint-user-name$)(sAMAccountName=$file-owner$)):company
attr.Department=:(|(sAMAccountName=$endpoint-user-name$)(sAMAccountName=$file-owner$)):department
attr.Title=:(|(sAMAccountName=$endpoint-user-name$)(sAMAccountName=$file-owner$)):businessCategory