Custom Plugin & Attribute having issues with LDAP Lookup.

I need a solution

Hi All,

I’ve successfully integrated our proxy via ICAP which is feeding our Web Prevent Server.

I noticed the username was showing up as “local://”.  I added a new plugin successfully which outputs Username=sAMaccountname after parsing the ‘sender-email’ argument.  I then created a custom Attribute in our Employee field called “Username”.  We did not have this value prior.  My custom script successfully populates the new “Username” field.

My plugin Chain is as follows:

  1. Custom ICAP Username Parse
  2. LDAP

The exsting LDAP Plugin is as follows:

attr.Employee = :(|(mail=$sender-email$)(mail=$data-owner-email$)(sAMAccountName=$endpoint-user-name$)):displayName
attr.Employee Email = :(|(mail=$sender-email$)(mail=$data-owner-email$)(sAMAccountName=$endpoint-user-name$)):mail
attr.Employee FirstName = :(|(mail=$sender-email$)(mail=$data-owner-email$)(sAMAccountName=$endpoint-user-name$)):givenName
attr.Employee LastName = :(|(mail=$sender-email$)(mail=$data-owner-email$)(sAMAccountName=$endpoint-user-name$)):sn
attr.Employee Title = :(|(mail=$sender-email$)(sAMAccountName=$data-owner-email$)(sAMAccountName=$endpoint-user-name$)):title
attr.Employee Dept = :(|(mail=$sender-email$)(mail=$data-owner-email$)(sAMAccountName=$endpoint-user-name$)):department
attr.Employee Division = :(|(mail=$sender-email$)(mail=$data-owner-email$)(sAMAccountName=$endpoint-user-name$)):division
attr.Cost Center = :(|(mail=$sender-email$)(mail=$data-owner-email$)(sAMAccountName=$endpoint-user-name$)):ou
attr.TempManager = :(|(mail=$sender-email$)(mail=$data-owner-email$)(sAMAccountName=$endpoint-user-name$)):manager
attr.Supervisor First Name = :(distinguishedname=$TempManager$):givenName
attr.Supervisor Last Name = :(distinguishedname=$TempManager$):sn
attr.Supervisor Email = :(distinguishedname=$TempManager$):mail

When I generate a new ICAP event, DLP successfully executes my custom plugin and fills in the attribute “Username” with what is parsed as the AD sAMaccoutname.  All other fields are blank and from my understanding its due to my LDAP plugin missing the new field to lookup with.

1) I’ve tried to modify my LDAP lookup by adding (sAMAccountName=$Username$) but the lookup never works for Network Events and does not autopopulate or populate with a manual lookup.  I may be doing this incorrectly but I tried multiple ways.  I’m not sure if my order is maybe incorrect?  I need some guidance here.

2) After this change, Endpoint Incidents do not populate any custom attribute fields and when i click on “Lookup” an error message occurs with “Custom Attribute Lookup failed”.  I think this is due to my new custom attribute called “Username”

I think I’m missing something easy here but I’m not too sure at this point I’m getting confused.  Maybe how I modified my LDAP plugin? 

Any guidance at this point would be apperciated.



Leave a Reply