Data Loss Prevention

  • 1.  Putting Static Data in a custom attribute on the basis of a LDAP lookup

    Posted Jan 12, 2015 06:47 AM

    Morning,

    I have 3 LDAP lookups currently for the three separate companies that DLP covers in my organisation.

    The lookups work fine for what I need where they extract the USERID and the Name based on the key unique email address. They are also practically identical for the lookup itself. The only thing changing is the source of the data.

    The look up is below:

    attr.Name=:(|(mail=$sender-email$)(sAMAccountName=$endpoint-user-name$)(sAMAccountName=$data-owner-name$)):cn
    attr.Employee\ Email=:(|(mail=$sender-email$)(sAMAccountName=$endpoint-user-name$)(givenName=$sender-email$)):mail
    attr.UserID=:(|(mail=$sender-email$)(givenName=$sender-email$)(sAMAccountName=$endpoint-user-name$)):sAMAccountName

     

    What I would like to do is after LDAP lookup 1 to put "company 1" in the custom attribute "Company" that I have created and to do "company 2" for the LDAP 2, etc. However, it should only fill this attribute if it finds the user in the lookup. Otherwise, even if incident 1 is company 1 and incident 2 is company 2, all the custom attributes for Company will say company 3 based on LDAP 3 being the last lookup.

    Is this possible, and if so, how?

    Thanks for any help.

    Kind Regards,

    Jeremy



  • 2.  RE: Putting Static Data in a custom attribute on the basis of a LDAP lookup

    Trusted Advisor
    Posted Jan 14, 2015 02:38 AM

    Hi Jeremy,

     From my point of view a way to do it is the following way:

    - in your LDAP lookup, set company value to same value as userID (for example)

    - create a custom plugin for each LDAP plugin (executing it after each lookup). In this plugin you just need to check if company = userID, then if it is true, you set the value of the company attribute to the right company name. This could be only one script, but called with a different argument each time (an argument which contains the company name, for example).

     

     Or you could build one custom script which performs all three LDAP checks, and then sets the company attribute value when it finds a match.

     Regards.
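
The single-script option described in the reply above, as an added example that is not code from the thread or from the DLP product. It assumes the script is handed the lookup parameters as key=value arguments and returns attributes as key=value lines on stdout; the three in-memory directories are constructed stand-ins for the real LDAP servers, and the helper names are hypothetical.

```python
import sys

# Constructed sample data standing in for the three companies' LDAP servers.
DIRECTORIES = [
    ("company 1", [{"mail": "ann@one.example", "sAMAccountName": "ann1", "cn": "Ann One"}]),
    ("company 2", [{"mail": "bob@two.example", "sAMAccountName": "bob2", "cn": "Bob Two"}]),
    ("company 3", [{"mail": "cy@three.example", "sAMAccountName": "cy3", "cn": "Cy Three"}]),
]

def escape_filter(value):
    """RFC 4515 escaping so a crafted sender address cannot change the filter."""
    for ch in ("\\", "*", "(", ")", "\x00"):  # backslash must be handled first
        value = value.replace(ch, "\\%02x" % ord(ch))
    return value

def build_filter(params):
    """The page's OR filter as a real search would send it, values escaped."""
    pairs = (("mail", "sender-email"), ("sAMAccountName", "endpoint-user-name"))
    clauses = ["(%s=%s)" % (attr, escape_filter(params[key]))
               for attr, key in pairs if params.get(key)]
    return "(|%s)" % "".join(clauses) if clauses else None

def find_user(entries, params):
    """In-memory stand-in for an LDAP search with build_filter(params)."""
    mail = params.get("sender-email", "").lower()
    user = params.get("endpoint-user-name", "").lower()
    for e in entries:
        if (mail and e["mail"].lower() == mail) or (user and e["sAMAccountName"].lower() == user):
            return e
    return None

def resolve(params, directories=DIRECTORIES):
    """Attributes from the first directory that knows the user, else {}."""
    if build_filter(params) is None:
        return {}
    for company, entries in directories:
        entry = find_user(entries, params)
        if entry:
            return {"Company": company, "Name": entry["cn"],
                    "Employee Email": entry["mail"], "UserID": entry["sAMAccountName"]}
    return {}  # no match: emit nothing, so a miss never sets Company

def parse_args(argv):
    """Assumed calling convention: attributes arrive as key=value arguments."""
    return dict(a.split("=", 1) for a in argv if "=" in a)

if __name__ == "__main__":
    for key, val in resolve(parse_args(sys.argv[1:])).items():
        print("%s=%s" % (key, val))
```

Because a miss returns no attributes at all, the last directory in the list no longer stamps its company name on every incident.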

     



  • 3.  RE: Putting Static Data in a custom attribute on the basis of a LDAP lookup
    Best Answer

    Trusted Advisor
    Posted Jan 20, 2015 05:30 PM

    The easier option would be to go to your AD system and populate EVERY person to have a field for "Company" and then pull that as a new Custom Attribute field as part of the LDAP lookup.

    So within AD - Every user has an AD field "Company" and is populated with the company's name.

    Then configure your LDAP lookups to look for it and then output it as a Custom Attribute.

    attr.Company=:(|(mail=$sender-email$)(sAMAccountName=$endpoint-user-name$)(sAMAccountName=$data-owner-name$)):company

    Hope this makes sense.

    If this solves your questions please mark it as solved.

    Ronak