Hi Tburke,
Please refer below
Purpose: Configuration steps for setting up Live LDAP Lookup.
Step 1 - Update Plugins.properties
\Vontu\Protect\config\Plugins.properties:
# Plugin Execution Chain.
# A comma-separated list of attribute lookup plug-ins to be executed in sequence.
# Example: com.vontu.lookup.script.ScriptLookup, com.vontu.lookup.xls.ExcelLookup, com.vontu.lookup.script.ScriptLookup
# This example will execute Script Lookup #1 -> ExcelLookup -> Script Lookup #2
# Even if there is only one plugin in the chain, it must be listed here.
com.vontu.plugins.execution.chain=com.vontu.lookup.liveldap.LiveLdapLookup
# Plugin JAR manifests to enable Live LDAP lookups -- Note: "Vontu Directory Classes" (directory.jar) must be specified to enable LDAP lookups
com.vontu.api.incident.attributes.AttributeLookup.plugins=Vontu Directory Classes,Vontu Live LDAP Lookup
# Live LDAP lookup configuration file
com.vontu.lookup.liveldap.LiveLdapLookup.properties = LiveLdapLookup.properties
Step 2 - Update LiveLdapLookup.properties
\Vontu\Protect\config\LiveLdapLookup.properties:
servername = <LDAPSERVERNAME> (e.g. oak.vontu.corp)
port = 389
basedn = <base distinguished name> (e.g. DC=vontu,DC=corp)
authtype = simple
username = <username w/ read access) (e.g. Vontu\<your Windows login>)
password = <password for your username)
You will also need to define Custom Attribute Mappings. Here's an example:
## ----- Custom Attribute Mappings ------------
#
# In the following section custom attributes in the Vontu Enforce server can be assigned
# an LDAP query. The format for this mapping is the following:
#
# attr.VontuCustomAttributeName = searchbase:(searchfilter=$variable$):ldapAttribute
#
# If the VontuCustomAttributeName requires a space character you should escape it with a backslash.
#
# You can assign queries to temporary variables and use those variables in subsequent
# queries. For example:
# attr.TemporaryVariable = <query here>
# This would declare a variable called TemporaryVariable. The value stored in this variable can
# be referenced using $Temporary$ in subsequent queries.
#
attr.Title = ou=Users:(mail=$sender-email$):title
attr.Telephone\ Number = ou=Users:(mail=$sender-email$):telephoneNumber
attr.Country = ou=Users:(mail=$sender-email$):c
attr.Department = ou=Users:(mail=$sender-email$):department
attr.Manager = ou=Users:(mail=$sender-email$):manager
attr.Manager\ Email = ou=Users:(distinguishedName=$Manager$):mail
The syntax of the attribute string is as follows:
Before the equal sign is 'attr.' followed by the name of the custom attribute as configured on the DLP enforce server. The custom attribute names (e.g. 'attr.Title') MUST match custom attributes that already exist. Any spaces must be escaped with backslashes, as shown in the example above. Note that the complete string is also case-sensitive, including the 'attr.' prefix as well as the attribute name.
After the equal sign, the first section (before the first colon) is the location in the LDAP tree where the search for this attribute will be performed ('ou=Users' in this example). If the search will be done from the base DN, you should omit this part.
The second section (between the two colons) is the LDAP search filter. In this example, we are searching for any object whose 'mail' attribute matches the 'sender-email' variable retrieved from the incident.
The third section (after the last colon) is the LDAP attribute that will be searched for, and populated into the DLP custom attribute.
Steps to follow once the properties files are updated:
1. Restart Vontu Manager service on the Enforce server, whenever Plugins.properties has been modified. (For version 10 and later, you must also restart the Vontu Incident Persister service.)
2. Navigate to Custom Attributes page and click Reload Lookup Plug-ins. Make sure you get a green success message.
3. Navigate to an incident snapshot and click Lookup to retrieve custom attributes. Verify that attribute values are populated.