LDAP Attribute lookups

Created: 26 Feb 2010 | 7 comments

I believe I have all the required settings set, but obviously I don't.  Whenever I try to do a lookup on an incident I see this in the log file:
 

[com.vontu.manager.admin.workflow.attributes.CustomAttributeLookup] No plugin chains have been configured for the following loaded plugins: [class com.vontu.lookup.liveldap.LiveLdapLookup]Please configure the com.vontu.plugins.execution.chain property in plugins.properties

Here is my plugins.properties file:
 

# Inductor plug-ins.
# A comma-separated list of accepted inductor plug-ins specified in Specification-Title attribute
# of plug-in JAR manifest. JAR manifest should also specify Protect-Minimum-Version such as 4.0.0.0.
com.vontu.messaging.induction.Inductor.plugins=Vontu CopyRule Inductor,Vontu FileScan Inductor,Vontu ICAP Inductor,Vontu Inline SMTP Inductor,Vontu PacketCapture Inductor,Vontu Discover Inductor,Vontu Aggregator Inductor,Vontu Lotus Notes Crawler,NCSO.jar,Notes.jar

# AttributeLookup plug-ins.
# A comma-separated list of attribute lookup plug-ins and JARs they depend on
# specified as Specification-Title attribute of plug-in JAR manifest or JAR file name.
com.vontu.api.incident.attributes.AttributeLookup.plugins= Vontu Live LDAP Lookup
# Plugin Execution Chain.
# A comma-separated list of attribute lookup plug-ins to be executed in sequence.
# Example: com.vontu.lookup.script.ScriptLookup, com.vontu.lookup.xls.ExcelLookup, com.vontu.lookup.script.ScriptLookup
# This example will execute Script Lookup #1 -> ExcelLookup -> Script Lookup #2
# Even if there is only one plugin in the chain, it must be listed here.
com.vontu.plugins.execution.chain=com.vontu.lookup.liveldap.LiveLdapLookup


# Plugin JAR manifests to enable Live LDAP lookups
com.vontu.api.incident.attributes.AttributeLookup.plugins=Vontu Directory Classes,Vontu Live LDAP Lookup
# Attribute Lookup parameters.
# A comma-separated list of parameter groups that specifies what parameters are sent to lookup plug-ins.
# Acceptable value is any combination of the following literals:
# attachment, incident, message, policy, recipient, sender, server, status.
# Each of them specifies a group of one or more attributes:
# attachment
#  attachment-nameX
# attachment-sizeX
# , where X is the unique index to distinguish between multiple attachments,
#   for example, attachment-name1, attachment-size1, attachment-name2, attachment-size2 and so on. 
# incident
# date-detected
# incident-id
# protocol
# message
# date-sent
# subject
# file-create-date
# file-access-date
# file-created-by
# file-modified-by
# file-owner
# discover-content-root-path
# discover-location
# discover-name
# discover-extraction-date
# discover-server
# discover-notes-database
# discover-notes-url
# endpoint-volume-name
# endpoint-dos-volume-name
# endpoint-application-name
# endpoint-application-path
# endpoint-file-name
# endpoint-file-path
# policy
# policy-name
# recipient
 recipient-emailX
# recipient-ipX
# recipient-urlX
# , where X is the unique index to distinguish between multiple recipients,
#   for example, recipient-email1, recipient-ip1, recipient-url1, recipient-email2, recipient-ip2, recipient-url2 and so on. 
# sender
 sender-email
# sender-ip
# sender-port
# endpoint-user-name
# endpoint-machine-name
# server
# server-name
# monitor
#  monitor-name
# monitor-host
# monitor-id
# status
# incident-status
# acl
# acl-principalX  (String representing the user or group to whom the acl applies)
# acl-typeX  (String representing whether the acl applies to the FILE or to the SHARE) 
# acl-grant-or-denyX (String representing whether the acl will GRANT or DENY the permission)
# acl-permissionX  (String representing whether the acl denotes READ or WRITE access)
#
# X is the unique index to distinguish between multiple acl entries,
#   for example, acl-principal1, acl-type1, acl-grant-or-deny1, acl-permission1
# If none of the above is specified only custom attributes are included into the parameter list.
com.vontu.api.incident.attributes.AttributeLookup.parameters=sender


# Lookup timeout in milliseconds.
#com.vontu.api.incident.attributes.AttributeLookup.timeout=60000
# Automatic lookup.
# Specifies whether the lookup should be triggered automatically when a new incident is detected.
com.vontu.api.incident.attributes.AttributeLookup.auto=true

# Automatic plugin reload.
# Specifies whether the plugins should be automatically reloaded every morning at 3:00.
com.vontu.api.incident.attributes.AttributeLookup.reload=true
# Lookup thread count.
# Specifies maximum number of threads for lookup.
# This setting should be greater than the thread-count of new-incident-commands configuration.
# See com.vontu.manager.command.newincident.new-incident-command.xml in manager.jar
com.vontu.api.incident.attributes.AttributeLookup.thread_count=5


# Live LDAP lookup configuration file
com.vontu.lookup.liveldap.LiveLdapLookup.properties = LiveLdapLookup.properties

# Csv Document Lookup configuration file
#com.vontu.lookup.csv.CsvLookup.properties = CsvLookup.properties

# Script Lookup configuration file
#com.vontu.lookup.script.ScriptLookup.properties = ScriptLookup.properties

Does this look right?


waphil00's picture

Hi, try modifying the second section as follows:

# AttributeLookup plug-ins.
# A comma-separated list of attribute lookup plug-ins and JARs they depend on
# specified as Specification-Title attribute of plug-in JAR manifest or JAR file name.
com.vontu.api.incident.attributes.AttributeLookup.plugins=Vontu Directory Classes,Vontu Live LDAP Lookup

waphil00's picture

Hi

This is working in my test environment. It uses only LDAP lookups to Active Directory.
regards

Philipp

# Inductor plug-ins.
# A comma-separated list of accepted inductor plug-ins specified in Specification-Title attribute
# of plug-in JAR manifest. JAR manifest should also specify Protect-Minimum-Version such as 4.0.0.0.
com.vontu.messaging.induction.Inductor.plugins=Vontu CopyRule Inductor,Vontu FileScan Inductor,Vontu ICAP Inductor,Vontu Inline SMTP Inductor,Vontu PacketCapture Inductor,Vontu Discover Inductor,Vontu Aggregator Inductor,Vontu Lotus Notes Crawler,Vontu Classification Inductor,NCSO.jar,Notes.jar

# AttributeLookup plug-ins.
# A comma-separated list of attribute lookup plug-ins and JARs they depend on
# specified as Specification-Title attribute of plug-in JAR manifest or JAR file name.
com.vontu.api.incident.attributes.AttributeLookup.plugins=Vontu Directory Classes,Vontu Live LDAP Lookup

# Plugin Execution Chain.
# A comma-separated list of attribute lookup plug-ins to be executed in sequence.
# Example: com.vontu.lookup.script.ScriptLookup, com.vontu.lookup.xls.ExcelLookup, com.vontu.lookup.script.ScriptLookup, com.vontu.lookup.datainsight.DataInsightLookup
# This example will execute Script Lookup #1 -> ExcelLookup -> Script Lookup #2 -> Data Insight Lookup
# Even if there is only one plugin in the chain, it must be listed here.
com.vontu.plugins.execution.chain=com.vontu.lookup.liveldap.LiveLdapLookup

# Plugin JAR manifests to enable Live LDAP lookups
# com.vontu.api.incident.attributes.AttributeLookup.plugins=Vontu Directory Classes,Vontu Live LDAP Lookup

# Plugin JAR manifests to enable Data Insight lookups
#com.vontu.api.incident.attributes.AttributeLookup.plugins=Data Insight Lookup

# Attribute Lookup parameters.
# A comma-separated list of parameter groups that specifies what parameters are sent to lookup plug-ins.
# Acceptable value is any combination of the following literals:
# attachment, incident, message, policy, recipient, sender, server, status.
# Each of them specifies a group of one or more attributes:
# attachment
#  attachment-nameX
# attachment-sizeX
# , where X is the unique index to distinguish between multiple attachments,
#   for example, attachment-name1, attachment-size1, attachment-name2, attachment-size2 and so on. 
# incident
# date-detected
# incident-id
# protocol
# data-owner-name
# data-owner-email
# message
# date-sent
# subject
# file-create-date
# file-access-date
# file-created-by
# file-modified-by
# file-owner
# discover-content-root-path
# discover-location
# discover-name
# discover-extraction-date
# discover-server
# discover-notes-database
# discover-notes-url
# endpoint-volume-name
# endpoint-dos-volume-name
# endpoint-application-name
# endpoint-application-path
# endpoint-file-name
# endpoint-file-path
# policy
# policy-name
# recipient
# recipient-emailX
# recipient-ipX
# recipient-urlX
# , where X is the unique index to distinguish between multiple recipients,
#   for example, recipient-email1, recipient-ip1, recipient-url1, recipient-email2, recipient-ip2, recipient-url2 and so on. 
# sender
# sender-email
# sender-ip
# sender-port
# endpoint-user-name
# endpoint-machine-name
# server
# server-name
# monitor
#  monitor-name
# monitor-host
# monitor-id
# status
# incident-status
# acl
# acl-principalX  (String representing the user or group to whom the acl applies)
# acl-typeX  (String representing whether the acl applies to the FILE or to the SHARE) 
# acl-grant-or-denyX (String representing whether the acl will GRANT or DENY the permission)
# acl-permissionX  (String representing whether the acl denotes READ or WRITE access)
#
# X is the unique index to distinguish between multiple acl entries,
#   for example, acl-principal1, acl-type1, acl-grant-or-deny1, acl-permission1
# If none of the above is specified only custom attributes are included into the parameter list.
com.vontu.api.incident.attributes.AttributeLookup.parameters=sender-email, file-owner

# Attribute Lookup output parameters
# A comma-separated list that specifies which parameters can be modified by lookup plug-ins.  These parameters
# can be specified in lookup plug-in configurations and scripts using the same syntax as custom attributes.
#
# Acceptable value is any combination of the following literals:
#  data-owner-name
# data-owner-email
#
com.vontu.api.incident.attributes.AttributeLookup.output.parameters=sender-email,file-owner,endpoint-user-name

# Lookup timeout in milliseconds.
com.vontu.api.incident.attributes.AttributeLookup.timeout=60000

# Automatic lookup.
# Specifies whether the lookup should be triggered automatically when a new incident is detected.
com.vontu.api.incident.attributes.AttributeLookup.auto=true

# Automatic plugin reload.
# Specifies whether the plugins should be automatically reloaded every morning at 3:00.
com.vontu.api.incident.attributes.AttributeLookup.reload=false

# Lookup thread count.
# Specifies maximum number of threads for lookup.
# This setting should be greater than the thread-count of new-incident-commands configuration.
# See com.vontu.manager.command.newincident.new-incident-command.xml in manager.jar
com.vontu.api.incident.attributes.AttributeLookup.thread_count=5

# Live LDAP lookup configuration file
com.vontu.lookup.liveldap.LiveLdapLookup.properties = LiveLdapLookup.properties

# Csv Document Lookup configuration file
#com.vontu.lookup.csv.CsvLookup.properties = CsvLookup.properties

# Script Lookup configuration file
#com.vontu.lookup.script.ScriptLookup.properties = ScriptLookup.properties

# Data Insight Lookup configuration file
#com.vontu.lookup.datainsight.DataInsightLookup.properties = DataInsightLookup.properties

# Incident Response Action configuration parameters.
#com.symantec.dlpx.flexresponse.Plugin.plugins = plugin1.jar, plugin2.jar, etc...
com.vontu.enforce.incidentresponseaction.IncidentResponseActionInvocationService.maximum-incident-batch-size = 100
com.vontu.enforce.incidentresponseaction.IncidentResponseActionInvocationService.keep-alive-time = 60000
com.vontu.enforce.incidentresponseaction.IncidentResponseActionInvocationService.serial-timeout = 60000

waphil00's picture

## --------- Vontu Live LDAP Plugin -----------------
#
#  This is the property file for Live LDAP Lookup plugin
#
##

## --------- LDAP Server Connection Parameters ------
#
servername = yourdomaincontroller.domain.com
port = 389
basedn = DC=YOURDOMAIN,DC=COM
authtype = simple
username = domain\\yourldapusername
password = yourpassword

## --------- Custom Attribute Mappings --------------
#
#  In the following section custom attributes in the Vontu Enforce server can be assigned
#  an LDAP query.  The format for this mapping is the following:
#
#  attr.VontuCustomAttributeName = searchbase:(searchfilter=$variable$):ldapAttribute
#
#  If the VontuCustomAttributeName requires a space character you should escape it with a backslash.
#
#  You can assign queries to temporary variables and use those variables in subsequent
#  queries.  For example:
#               attr.TemporaryVariable = <query here>
#  This would declare a variable called TemporaryVariable.  The value stored in this variable can
#  be referenced using $TemporaryVariable$ in subsequent queries.
#

attr.First\ Name = :(|(proxyAddresses=$sender-email$)(sAMAccountName=$file-owner$)(sAMAccountName=$endpoint-user-name$)):givenName
attr.Last\ Name = :(|(proxyAddresses=$sender-email$)(sAMAccountName=$file-owner$)(sAMAccountName=$endpoint-user-name$)):sn
attr.Telephone\ Number = :(|(proxyAddresses=$sender-email$)(sAMAccountName=$file-owner$)(sAMAccountName=$endpoint-user-name$)):telephoneNumber
attr.Sender\ Email = :(|(proxyAddresses=$sender-email$)(sAMAccountName=$file-owner$)(sAMAccountName=$endpoint-user-name$)):mail
attr.Business\ Unit = :(|(proxyAddresses=$sender-email$)(sAMAccountName=$file-owner$)(sAMAccountName=$endpoint-user-name$)):department
attr.Title = :(|(proxyAddresses=$sender-email$)(sAMAccountName=$file-owner$)(sAMAccountName=$endpoint-user-name$)):title
attr.Office = :(|(proxyAddresses=$sender-email$)(sAMAccountName=$file-owner$)(sAMAccountName=$endpoint-user-name$)):physicalDeliveryOfficeName
attr.Description = :(|(proxyAddresses=$sender-email$)(sAMAccountName=$file-owner$)(sAMAccountName=$endpoint-user-name$)):description
attr.Mobile = :(|(proxyAddresses=$sender-email$)(sAMAccountName=$file-owner$)(sAMAccountName=$endpoint-user-name$)):mobile
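
The mapping format quoted above (attr.Name = searchbase:(searchfilter=$variable$):ldapAttribute) breaks silently on one misplaced parenthesis or a mistyped $variable$. As an added example (not part of the original post and not Symantec code), this Python checker lints a LiveLdapLookup.properties text for malformed filters, for variables that neither the lookup inputs nor an earlier mapping supply, and for a simple bind on port 389. The function names, the constructed sample and the `inputs` set passed by the caller are assumptions.

```python
import re

# Constructed sample in the LiveLdapLookup.properties format quoted above.
SAMPLE = r"""
port = 389
authtype = simple
attr.First\ Name = :(|(proxyAddresses=$sender-email$)(sAMAccountName=$file-owner$)):givenName
attr.Description = :(|proxyAddresses=$sender-email$)(sAMAccountName=$file-owner$)):description
attr.Mobile = :(sAMAccountName=$endpoint-user-nme$):mobile
"""

MAPPING = re.compile(r"^attr\.((?:\\.|[^\s=\\])+)\s*=\s*(.*)$")

def single_filter(f):
    """True if f is exactly one parenthesised LDAP filter with balanced parens."""
    depth = 0
    for i, ch in enumerate(f):
        depth += (ch == "(") - (ch == ")")
        if depth < 0 or (depth == 0 and i < len(f) - 1):
            return False
    return depth == 0 and f.startswith("(")

def lint(text, inputs):
    """Return (name, problem) pairs; `inputs` are the lookup parameters (assumed, caller-supplied)."""
    findings, settings, known = [], {}, set(inputs)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = MAPPING.match(line)
        if not m:  # plain connection setting such as "port = 389"
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip()
            continue
        name = re.sub(r"\\(.)", r"\1", m.group(1))        # "First\ Name" -> "First Name"
        _base, _, rest = m.group(2).partition(":")        # search base may be empty
        ldap_filter, _, attribute = rest.rpartition(":")  # filter may itself contain ':'
        if not attribute or not single_filter(ldap_filter):
            findings.append((name, "malformed filter or missing ldapAttribute"))
        for var in re.findall(r"\$([^$]+)\$", ldap_filter):
            if var not in known:
                findings.append((name, "unresolved variable $%s$" % var))
        known.add(name)  # earlier mappings can be referenced as $Name$ later
    if settings.get("authtype") == "simple" and settings.get("port") == "389":
        findings.append(("connection", "simple bind on port 389: password is unencrypted unless StartTLS is used"))
    return findings

if __name__ == "__main__":
    print(*lint(SAMPLE, {"sender-email", "file-owner", "endpoint-user-name"}), sep="\n")
```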

sys73r's picture

hey guys, I've been trying to get this done without any luck so far:

When I try to reload the plugins:

System > Incident Data > Attributes > custom attributes > reload lookup plugins:

I get the message: "Custom Attribute Lookup Plug-in(s) were loaded successfully."

Then I go to Incidents, go into one and click "Lookup" on the attributes section; it shows nothing, and on the Incident history it says:

Date Submitted By Summary
8/17/11 2:12 PM testUser
Attribute Lookup Completed
Name=
LName=

the tomcat/log shows:

Thread: 15 INFO [com.vontu.enforce.workflow.attributes.CustomAttributeLookup] Loaded Custom Attribute Lookup Plug-ins. The following Custom Attribute Lookup Plug-ins were loaded: com.vontu.lookup.liveldap.LiveLdapLookup.

the Vontu manager log shows nothing...

any suggestions?

thank you!

Lippi's picture

Why don't you use CsvLookup? I know it's not dynamic... but it's more customizable

Att,

Lippi

sys73r's picture

Thanks for the feedback; however, with a *zillion users a CsvLookup, I'm afraid, isn't the best way to go in my scenario.

fcruchaga's picture

I think the problem you have is that you have this line twice (by default the sample that comes with Vontu has it twice)

com.vontu.api.incident.attributes.AttributeLookup.plugins= Vontu Live LDAP Lookup

You need to comment out (#) the second one for this to work.

Hope this helps.
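
A duplicated key like the one described in this answer is easy to miss in a long plugins.properties file. As an added example (not part of the thread and not Symantec code), this Python checker lists every active key assigned more than once, with its line numbers and the value that survives. It assumes the file is read with java.util.Properties semantics, where the last assignment wins; the function names and the constructed sample are assumptions.

```python
import re
from collections import defaultdict

# Constructed excerpt reproducing the shape of the file in the question.
SAMPLE = """\
# AttributeLookup plug-ins.
com.vontu.api.incident.attributes.AttributeLookup.plugins= Vontu Live LDAP Lookup
com.vontu.plugins.execution.chain=com.vontu.lookup.liveldap.LiveLdapLookup
# Plugin JAR manifests to enable Live LDAP lookups
com.vontu.api.incident.attributes.AttributeLookup.plugins=Vontu Directory Classes,Vontu Live LDAP Lookup
#com.vontu.api.incident.attributes.AttributeLookup.timeout=60000
"""

# A key ends at the first unescaped whitespace, '=' or ':' (line continuations are not handled).
ENTRY = re.compile(r"^((?:\\.|[^\s=:\\])+)\s*[=:]?\s*(.*)$")

def assignments(text):
    """Map each active (uncommented) key to [(line_number, value), ...] in file order."""
    seen = defaultdict(list)
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = ENTRY.match(line)
        if m:
            seen[m.group(1)].append((number, m.group(2)))
    return seen

def duplicates(text):
    """Keys assigned more than once, with their lines and the last (effective) value."""
    return {key: {"lines": [n for n, _ in hits], "effective": hits[-1][1]}
            for key, hits in assignments(text).items() if len(hits) > 1}

def effective(text, key):
    """Value the last assignment gives `key`, or None if it is absent or commented out."""
    hits = assignments(text).get(key)
    return hits[-1][1] if hits else None

if __name__ == "__main__":
    for key, info in duplicates(SAMPLE).items():
        print(key, "set on lines", info["lines"], "-> effective:", info["effective"])
    print("chain:", effective(SAMPLE, "com.vontu.plugins.execution.chain"))
```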