Data Loss Prevention

  • 1.  Can DLP authenticate to LDAP

    Posted Aug 26, 2013 05:39 AM

     

    Hi, 

    The user guide for DLP 11.6 mentions that it can authenticate against Active Directory. Can it also authenticate against LDAP or only against AD?

    Thanks in advance.

     



  • 2.  RE: Can DLP authenticate to LDAP

    Posted Aug 26, 2013 05:41 AM

    Hi,

    AD Authentication and an LDAP query are two different things.  To perform an AD authentication you need to configure the krb5.ini file (Windows) or the krb5.conf file (Linux), then run a command.  See the admin guide for DLP 10.5 and search for krb5 and it will take you to the page for AD Authentication.

     

    An LDAP query populates custom attributes in SMTP incidents only.  These attributes are mapped out in System - Overview - Attributes - Custom Attributes.  The files that need to be configured to enable this functionality are the plugins.properties file and the LiveLdapLookup.properties file located in <drive>:\\Vontu\Protect\Config

    The admin guide can help with AD authentication, the Lookup Plugin Guide can be helpful when configuring the LDAP query. 



  • 3.  RE: Can DLP authenticate to LDAP

    Posted Aug 26, 2013 01:35 PM

    Regarding the above reply:

    1 - LDAP integration for custom attribute lookup can be used for more than just SMTP incidents.

    2 - Plugins.properties and the LiveLDAPLookup.properties file are no longer used (or more accurately, are not manually configured).  Lookups and plugins are all configured through the DLP user interface.

    AD authentication for the UI is, as mentioned, controlled by the KRB5 file, along with a few settings in the DLP console, and instructions for configuration can be found in the product documentation.

    Regards,

    ~Keith

     



  • 4.  RE: Can DLP authenticate to LDAP
    Best Answer

    Trusted Advisor
    Posted Aug 27, 2013 02:13 AM

    Hi andrejas,

    Unfortunately no, you cannot authenticate people on DLP using an LDAP request (nor LDAPS, of course). For a company which uses an LDAP directory to manage identities, it is a real missing feature. We have been asking our Symantec representative for it for years now, so if you are also interested in it, we now have one more supporter for this feature.

     Regards. 



  • 5.  RE: Can DLP authenticate to LDAP

    Posted Aug 28, 2013 05:53 AM

    Thanks Stephane, your response best answers my question.