
LDAP Lookup for Endpoint & Discover - 11.5

Created: 02 Aug 2012 | 2 comments
ANaybor:


I've encountered an issue on multiple occasions in 11.5 where the LDAP lookup plugin does not return values for (sAMAccontName=$file-owner$) and (sAMAccontName=$endpoint-user-name$) in the file (yes, the plugin is enabled in Basically, this translates to a lack of user data being populated when incidents come from Enforce and Discover.

I'm working on recreating this in a test environment now, but was wondering if anyone else had experienced this issue... or whether this is a known issue with the addition of these "sAMAccount" fields to 11.5. Can't find anything in the admin guide or the Lookup Plugin guide that mentions anything about setting this up specifically.

Thanks in advance,



ANaybor:

Another thing worth mentioning: Endpoint incidents from SMTP seem to be populating from LDAP via the (mail=$sender-email$) field, but, for instance, an endpoint incident generated from a clipboard violation does not populate from the sAMAccount fields.

kishorilal1986:

Hi ANaybor,

In general, the Endpoint cannot access LDAP servers when AD User Groups are used.
This is due to the way AD User Group resolution is performed: the Endpoint does not use LDAP but the ADSI API to access the local AD resources.

In detail:

1. The current solution on the endpoint uses the ADSI API to query AD. The current support is only for MS Active Directory.
2. It supports querying of groups from AD for the specified user.

PM-1430 has been filed for "LDAP support - Tivoli Directory Server for endpoint group based policies", which essentially requests support for LDAP referencing on the Endpoint when AD User Groups is in use. There is currently no target version set. Please contact your Account Manager or PM for consideration. You can also contact support to see if a target version has been set.
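As an added diagnostic (this is not code from the thread or from the DLP product), the following PowerShell script runs a sAMAccountName lookup through ADSI (System.DirectoryServices), the same API family the answer says the endpoint uses, so an administrator can check whether the raw value an incident carries resolves in AD and which groups come back. The account name is a constructed placeholder, and the handling of a DOMAIN\user prefix is an assumption about how such values may arrive, not something the thread states.

```powershell
# Added example, not part of the thread or the product. Resolves a user by
# sAMAccountName via ADSI and lists the groups AD returns for that user.
# Run as a domain user with read access to the directory.
param(
    [string]$SamAccountName = 'jdoe',   # constructed placeholder: the raw incident value
    [string]$SearchBase     = ''        # '' = default naming context of the joined domain
)

# Assumption: an incident may carry 'DOMAIN\jdoe'. That form never matches
# sAMAccountName, so strip the prefix to test what (sAMAccountName=...) really sees.
$name = $SamAccountName -replace '^.*\\', ''

# Escape LDAP filter metacharacters (RFC 4515) so the value cannot alter the filter.
$escaped = $name -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'

# Bind to the requested search base, or to the domain's default naming context.
if ($SearchBase) {
    $root = [ADSI]"LDAP://$SearchBase"
} else {
    $dnc  = ([ADSI]'LDAP://RootDSE').defaultNamingContext
    $root = [ADSI]"LDAP://$dnc"
}

$searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
$searcher.Filter = "(&(objectCategory=person)(sAMAccountName=$escaped))"
$searcher.PropertiesToLoad.AddRange(@('sAMAccountName', 'mail', 'memberOf', 'distinguishedName'))
$result = $searcher.FindOne()

if (-not $result) {
    # Same outcome a lookup plugin keyed on sAMAccountName would see: no attributes returned.
    Write-Output "No AD object with sAMAccountName=$escaped under $($root.distinguishedName)."
    exit 1
}

$props = $result.Properties
Write-Output ("Resolved:  {0}" -f $props['distinguishedname'][0])
Write-Output ("mail:      {0}" -f ($props['mail'] | Select-Object -First 1))
Write-Output "Direct group memberships (memberOf; nested groups are not expanded here):"
foreach ($dn in $props['memberof']) { Write-Output "  $dn" }
```

If the script resolves the account but the plugin does not, the difference lies in the value the incident hands to the query rather than in the directory itself.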