Hello Thank you for your help in advance. The environment I am working in is as follows –
Global company – Lotus notes – Symantec Vontu endpoint and network agents – no email prevent – Ironport - Vontu 11.6.4
>>>14.5 fixing what I can for now. Goal 1 is to Ldap lookup as many end user LDAP attribute details using the LDAP lookup variables. For reporting and syslog. The LiveLdapLookup.
Properties file is missing and not in its original location. I have found several copies elsewhere in the system and not located in Protect/Config. The inadvertent relocation of LiveLdapLookup.properties file may have occurred when an upgrade to 11.6.4 was performed, that was before my time. I have located some LiveLDAP.properties files but they do not appear to be complete or engaged / in production see copy of one of them below.
How is LDAP lookup even working? What’s odd is that LDAP lookups work most but not all of the time. Even with the missing LiveLdapLookup.properties file,, odd?????? I have included a copy of the mis-located LIVE LDAP file at the end of this Doc. Can I use the provided LiveLdaplookup.properties file and just configure it to our environment ? Is this a complete LiveLdapLookup.properties file and just needs to be edited or should I obtain an original copy?
The Previous Administrators have configured 3 LDAP sources corresponding to various global regions For example: Australian LDAP – GreenlandLDAP – ItalyLDAP - Each use the same set of LDAP lookup Variables: Is it Best practice to use 3 LDAP sources? I cannot guarantee that the LDAP structure is the same across all 3 sources. I currently do not have access to view the LDAP’s but will try an LDAP browser next. I feel that it might be best to configure 1 LDAP source in both LiveLDAPLookup.properties file and in the lookup plugins (right now we have three LDAP sources in the lookup plugins section) and configuring our LDAP lookup to start at the base DN or the root domain.
The Network Agent LDAP lookup works great more than 80 percent of the time. An Incident where LDAP lookup works will have both incident details and LDAP variables populated. The SMTP Incident Details (left side of GUI) almost always 99.99999 have the Sender(s) email addresses and recipient email addresses. An incident that does not have the custom attributes looked up will have the SMTP Incident Details (left side of GUI) will have the Sender(s) email addresses and recipient(s) email addresses. Put another way we always have the incident details sender / recipient but we do not always get our custom attribute lookup. I believe the cause to be that we are not high enough up in the LDAP Tree so these statistics may improve once we move our Base DN.
Research and reading links are below the LIVELDAPLOOKUP>properties file ## --------- Vontu Live LDAP Plugin ----------------- # #
This is the property file for Live LDAP Lookup plugin # ## ## --------- LDAP Server Connection Parameters ------ # servername = server.test.lab port = 389 basedn = DC=test,DC=lab authtype = simple username = test\\Administrator password = test ## --------- Custom Attribute Mappings -------------- # # In the following section custom attributes in the Vontu Enforce server can be assigned # an LDAP query.
The format for this mapping is the following: # # attr.VontuCustomAttributeName = searchbase:(searchfilter=$variable$):ldapAttribute # # If the VontuCustomAttributeName requires a space character you should escape it with a backslash. # # You can assign queries to temporary variables and use those variables in subsequent # queries. For example: # attr.TemporaryVariable = # This would declare a variable called TemporyVariable.
The value stored in this variable can # be referenced using $TemporaryVarible$ in subsequent queries. # attr.First\ Name = cn=users:(email=$sender-email$):firstName attr.Last\ Name = cn=users:(email=$sender-email$):lastName attr.TempDeptCode = cn=users:(email=$sender-email$):deptCode attr.Department = cn=departments:(deptCode=$TempDeptCode$):name attr.Manager = cn=users:(email=$sender-email$):manager attr.Business\ Unit=:(|(sAMAccountName=$endpoint-user-name$)(mail=$sender-email$)):department attr.Employee\ Code=:(|(sAMAccountName=$endpoint-user-name$)(mail=$sender-email$)):employeeID attr.First\ Name=:(|(sAMAccountName=$endpoint-user-name$)(mail=$sender-email$)):givenName attr.Last\ Name=:(|(sAMAccountName=$endpoint-user-name$)(mail=$sender-email$)):sn attr.Phone=:(|(sAMAccountName=$endpoint-user-name$)(mail=$sender-email$)):telephoneNumber attr.Sender\ Email=:(|(sAMAccountName=$endpoint-user-name$)(mail=$sender-email$)):mail attr.Tempmanager=:(|(sAMAccountName=$endpoint-user-name$)(mail=$sender-email$)):manager attr.Manager\ First\ Name=:(distinguishedName=$Tempmanager$):givenName attr.Manager\ Last\ Name=:(distinguishedName=$Tempmanager$):sn attr.Manager\ Phone=:(distinguishedName=$Tempmanager$):telephoneNumber attr.Manager\ Email=:(distinguishedName=$Tempmanager$):mail attr.Region=:(|(sAMAccountName=$endpoint-user-name$)(mail=$sender-email$)):c attr.Country=:(|(sAMAccountName=$endpoint-user-name$)(mail=$sender-email$)):co attr.Postal\ Code=:(|(sAMAccountName=$endpoint-user-name$)(mail=$sender-email$)):postalCode
Research Links:
http://www.symantec.com/connect/articles/what-vari...
https://www.symantec.com/connect/articles/enabling...https://www.symantec.com/connect/articles/configur...
https://support.symantec.com/en_US/article.TECH222...https://www.symantec.com/connect/forums/ldap-attri...
https://www.symantec.com/connect/forums/problems-l...https://www.symantec.com/connect/forums/syslog-fields
https://support.symantec.com/en_US/article.TECH221...https://support.symantec.com/en_US/article.TECH221...