Configuring LDAP Lookup Plugins in Symantec DLP 15.5+

November 23, 2020 | Symantec DLP Enforce

To configure one or more LDAP Lookup Plugins, follow the procedure below.

1. Add directory connections from System > Settings > Directory Connections
   a) Confirm the authentication test is successful
   b) Go to the Index Settings tab and complete rebuilding the index (MUST be completed at least once)
   c) Go to Index and Replication Status and confirm the information is populated with version number, date, etc.
2. Create custom attributes, for example:
   Employee Info: Title, Name, Phone, Email, Office Location
   Business Info: Division, Department
3. Create an LDAP plug-in
   a) Configure Lookup Parameters
   b) Modify Lookup Plugin Chain to enable the plugin
   c) Reload the plugin each time any modification is made
4. Test Lookup

It is important to understand the User Objects in Active Directory Users and Computers and their corresponding LDAP mappings. LDAP mapping attributes may differ between versions of the AD schema. See the Microsoft article for User Object User Interface Mapping.


You may need to run a PowerShell command to find all properties of a user by sAMAccountName and correlate the attribute mappings. For example, to see all properties of the user BobJones in your AD, try the following command in PowerShell:

    PS C:\> Get-ADUser BobJones -Properties *


Say you want to display the following attributes. Here is what is needed:

| Attributes | As per Microsoft KB | Use Get-ADUser (your env) |
|---|---|---|
| Business Division | company | company |
| Business Department | department | department |
| Employee Title | title | businessCategory |
| Employee Name | displayName | displayName |
| Employee Phone | telephoneNumber | mobile |
| Employee Email | E-mail-Addresses | mail |
| Employee Office Location | physicalDeliveryOfficeName | office |

So the attribute mappings will look like the following:


attr.Office\ Location=:(|(sAMAccountName=$endpoint-user-name$)(sAMAccountName=$file-owner$)):office

attr.Office\ Phone=:(|(sAMAccountName=$endpoint-user-name$)(sAMAccountName=$file-owner$)):mobile
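
A lint pass for mapping lines like the two above, as an added example that is not part of the original article or of Symantec's tooling. The line grammar is inferred from those two lines, and the rule that the name after `attr.` must match a custom attribute created in step 2 is an assumption; `parse_mapping`, `balanced` and `lint` are hypothetical helper names.

```python
import re

# Assumed form (inferred from this page): attr.<name, spaces as "\ ">=<base>:<filter>:<attribute>
MAPPING = re.compile(r"^attr\.(?P<name>(?:\\ |[^\s=\\])+)=(?P<base>[^:(]*):"
                     r"(?P<filter>\(.*\)):(?P<ldap>[A-Za-z][A-Za-z0-9-]*)$")
VARIABLE = re.compile(r"\$([A-Za-z0-9-]+)\$")
# Custom attributes from step 2 of the procedure.
DEFINED = {"Title", "Name", "Phone", "Email", "Office Location", "Division", "Department"}
# Constructed input: lines 1-2 are the page's mappings, 3-4 are deliberately broken.
FILTER = "(|(sAMAccountName=$endpoint-user-name$)(sAMAccountName=$file-owner$))"
SAMPLE = [
    r"attr.Office\ Location=:" + FILTER + ":office",
    r"attr.Office\ Phone=:" + FILTER + ":mobile",
    "attr.Office Location=:(sAMAccountName=$file-owner$):office",  # space not escaped
    "attr.Email=:(|(sAMAccountName=$file-owner$):mail",            # missing ")"
]

def parse_mapping(line):
    """Split one mapping line into its parts, or return None if malformed."""
    m = MAPPING.match(line.strip())
    if m is None:
        return None
    return {"name": m["name"].replace("\\ ", " "), "base": m["base"].strip(),
            "filter": m["filter"], "ldap": m["ldap"],
            "variables": VARIABLE.findall(m["filter"])}

def balanced(ldap_filter):
    """True if every '(' in the filter is closed and none closes early."""
    depth = 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0

def lint(lines, defined=DEFINED):
    """Return (line number, problem) pairs for mappings that will not resolve."""
    problems = []
    for number, line in enumerate(lines, 1):
        parsed = parse_mapping(line)
        if parsed is None:
            problems.append((number, "not attr.<name>=<base>:<filter>:<attribute>"))
        elif not balanced(parsed["filter"]):
            problems.append((number, "unbalanced parentheses in LDAP filter"))
        elif not parsed["variables"]:
            problems.append((number, "filter has no $variable$ to match on"))
        elif parsed["name"] not in defined:
            problems.append((number, "custom attribute %r is not defined" % parsed["name"]))
    return problems
```

Calling `lint(SAMPLE)` reports the `Office Phone` mapping, because step 2 defines `Phone` and `Office Location` but no `Office Phone`, along with the two constructed broken lines.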




