Video Screencast Help

DLP 11.6 LiveLdapLookup

Created: 05 Oct 2012 | 4 comments
Patrick Hahlweg's picture


i try to enrichment custom attributes by using the LiveLdapLookup. Pressing the Lockup Button results in a green bar, but no custom attribute is enriched.

I put all the information as new LDAP Plugin in the GUI.

in previous versions i have done with sucess, but never with 11.6.

my attribute mappings are:

attr.telephoneNumber = DC=area51,DC=e3ag,DC=net:(email=$sender-email$):telephoneNumber
attr.userPrincipalName = DC=area51,DC=e3ag,DC=net:(email=$sender-email$):userPrincipalName

My connection to the Ad is succesful, the cusom attributes are written correct. and in AD i have values defined.

doing the same search with other tools, return the correct user, so the query part should be ok.

is anybody here, which used this new way of define plugins in 11.6 and is using the LiveLdapLookup Plugin?

many thanks in advance for any help

kind regards

Patrick, Switzerland

Comments 4 CommentsJump to latest comment

yang_zhang's picture

I think you need to define the Object Container on your serarch base.

According to your current configuration:

attr.userPrincipalName = DC=area51,DC=e3ag,DC=net:(email=$sender-email$):userPrincipalName

I think you need to change into:

attr.userPrincipalName = DC=area51,DC=e3ag,DC=net,CN=users:(email=$sender-email$):userPrincipalName

If a forum post solves your problem, please flag it as a solution. If you like an article, blog post or download vote it up.
Mike S.'s picture

I am having issues now also. Everything worked pre 11.6 and now all of my custom attributes are broken. I have a case open with Symantec now but it is not going smoothly.

DLP Solutions2's picture


I am not sure if you understand how the lookup works.

attr.userPrincipalName - means that you have a Custom Attribute in the UI called userPrincipalName, I doubt that this is the case.

The attr.XXX is = to the Custom Attribute Name in your UI. THIS IS CASE SENSITIVE. Here is a typical one that I use.

Make your basedn in the Directory Connection to: DC=e3ag,DC=net

Then in the following lines change the dc=domain to DC=area51. This should get you there.

attr.Sender\ Email = dc=domain:(|(mail=$sender-email$)(sAMAccountName=$file-owner$)(sAMAccountName=$endpoint-user-name$)):mail
attr.First\ Name = dc=domain:(|(mail=$sender-email$)(sAMAccountName=$file-owner$)(sAMAccountName=$endpoint-user-name$)):givenName
attr.Last\ Name = dc=domain:(|(mail=$sender-email$)(sAMAccountName=$file-owner$)(sAMAccountName=$endpoint-user-name$)):sn
attr.Department = dc=domain:(|(mail=$sender-email$)(sAMAccountName=$file-owner$)(sAMAccountName=$endpoint-user-name$)):department
attr.Title = dc=domain:(|(mail=$sender-email$)(sAMAccountName=$file-owner$)(sAMAccountName=$endpoint-user-name$)):title
attr.Phone = dc=domain:(|(mail=$sender-email$)(sAMAccountName=$file-owner$)(sAMAccountName=$endpoint-user-name$)):telephoneNumber
attr.Location = dc=domain:(|(mail=$sender-email$)(sAMAccountName=$file-owner$)(sAMAccountName=$endpoint-user-name$)):l
attr.TempMgrDn = dc=domain:(|(mail=$sender-email$)(sAMAccountName=$file-owner$)(sAMAccountName=$endpoint-user-name$)):manager
attr.Manager\ Email = dc=domain:(distinguishedname=$TempMgrDn$):mail
attr.Manager\ First\ Name = dc=domain:(distinguishedname=$TempMgrDn$):givenName
attr.Manager\ Last\ Name = dc=domain:(distinguishedname=$TempMgrDn$):sn
attr.Manager\ Title = dc=domain:(distinguishedname=$TempMgrDn$):title
attr.Manager\ Phone = dc=domain:(distinguishedname=$TempMgrDn$):telephoneNumber
attr.Manager\ Office = dc=domain:(distinguishedname=$TempMgrDn$):physicalDeliveryOfficeName

Please make sure to mark this as a solution

to your problem, when possible.

DLP Solutions2's picture


If this works for you.. call it solved please.

Please make sure to mark this as a solution

to your problem, when possible.