Data Loss Prevention

I'm trying to setup LDAP Custom Attributes and have managed to figure out the easy ones, but the one that is giving me trouble is the manager value. In AD, the value for the 'manager' attribute is a path to the CN containing the name.

For instance: manager: CN=Name\, Last,OU=<>,OU=<>,etc.

I'm using this for manager: attr.Manager First Name =:(|(mail=$sender-email$)(sAMAccountName=$file-owner$)(sAMAccountName=$endpoint-user-name$)):manager

George,

There is a way to do this actually, you can target LDAP to pull back information into a variable called "manager" and then reference the "manager" variable in a secondary LDAP query as seen below. This means that the manager attribute is queried and then it passes all information under that attribute for future requests (as long as the variable is referenced). The example below shows how you could reference a temporary LDAP attribute. This does NOT mean that you have to add the "manager" attribute in SymantecDLP.

attr.ManagerTemp=:(mail=$sender-email$):manager
attr.Manager\ Email=:(manager=$ManagerTemp$):mail

Hope that helps some

George,

Here is how you do it.

The "Manager" info in LDAP is a long winded string (distinguishedname) that you can use to do further lookups. You will need to use this as a TEMP variable and then lookup using it.

attr.TempMgrDn = :(|(mail=$sender-email$)(sAMAccountName=$file-owner$)(sAMAccountName=$endpoint-user-name$)):manager
attr.Manager\ Email = :(distinguishedname=$TempMgrDn$):mail
attr.Manager\ First\ Name = :(distinguishedname=$TempMgrDn$):givenName
attr.Manager\ Last\ Name = :(distinguishedname=$TempMgrDn$):sn
attr.Manager\ Title = :(distinguishedname=$TempMgrDn$):title
attr.Manager\ Phone = :(distinguishedname=$TempMgrDn$):telephoneNumber
attr.Manager\ Office = :(distinguishedname=$TempMgrDn$):physicalDeliveryOfficeName

If this solves your questions please marked as solved.

Ronak