eg123
Level 9
Message 1 of 6

DLP-Monitor: If apply data protection rules to LDAP users, it's not working


Hi Guys,

Greetings, I'm testing the LDAP feature with DLP-Monitor in my lab but found that if I apply data protection rules to LDAP users, the rules will not work.

For example, Email Protection Rule -> Sender + belongs to one of end-user groups (OR):

Snipaste_2019-06-10_02-21-29.png

Tested a web post rule; not working either.

DLP-Monitor 11.2 installed on ESXi; I can confirm the appliance has the latest policies applied. Also ran #scm sanity_info, no errors found.


Below are the details of my configurations:

1. ePO reg server:

1.png

2. Appliance settings:

2.png


Anywhere I went wrong, or did I miss something? BTW, the rules work fine if not using LDAP. Thanks in advance.


5 Replies
DLP_RS (McAfee Employee)
Message 2 of 6

Re: DLP-Monitor: If apply data protection rules to LDAP users, it's not working


Please check a couple of details.

1. What happens if we use Any User instead of a particular User Group? If AD is configured, we should still get user information?

2. Can you please share the sanity test results?

scm sanity_info

3. If you can attach the MER, then I can check it for you.

 

DLP_RS (McAfee Employee)
Message 3 of 6

Re: DLP-Monitor: If apply data protection rules to LDAP users, it's not working

Please share if any update is there regarding the suggestions, Thanks.
DLP_RV (McAfee Employee)
Message 4 of 6

Re: DLP-Monitor: If apply data protection rules to LDAP users, it's not working


Run the MER tool on DLP Monitor, unzip the MER logs and check report.html.

In the right-hand corner there will be a drop-down; select "System Tests". Check the sections "Check for LDAP Connectivity" and "List netbios details from LDAP database".

There should be no errors in that section of the report. If there are any problems, fix them and the configured rules should work.

For Web Protection rules, do check the format in which the authenticated user is sent from the web 

When applying web protection rules, McAfee DLP Prevent can get user information from:

X-Authenticated-User ICAP request header sent from the web gateway.
McAfee Logon Collector

Supported authentication schemes
The McAfee DLP Prevent appliance supports the WINNT, NTLM, and LDAP authentication schemes to process the X-Authenticated-User header from the web gateway.

The McAfee DLP Prevent appliance expects the format for the X-Authenticated-User header to be in one of these formats for Active Directory:

NTLM — NTLM://
WINNT — WINNT://
NOTE: NTLM with OpenLDAP is not supported.
With LDAP, McAfee DLP Prevent expects the X-Authenticated-User header to be in the format LDAP:// for Active Directory and OpenLDAP.

NOTE: McAfee DLP Prevent uses the distinguishedName LDAP attribute to retrieve user details for web protection rules. Verify that your LDAP server exposes this attribute to ensure that the LDAP authentication scheme works correctly.

https://docs.mcafee.com/bundle/data-loss-prevention-11.0.400-product-guide-epolicy-orchestrator/page...
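The following is an added example, not McAfee's code and not from this thread: a small check of the X-Authenticated-User header in a captured ICAP REQMOD request against the schemes the quoted guide lists, so you can see whether the value the web gateway sends is one DLP Prevent can resolve to a user. The ICAP requests are constructed sample data. Only the WINNT://, NTLM:// and LDAP:// prefixes, the "NTLM with OpenLDAP is not supported" rule and the distinguishedName lookup come from the guide; the layout after the prefix (NTLM://DOMAIN\user, LDAP://server/DN), the directory labels "ad"/"openldap" and the host names are assumptions. Paste a header value copied from a gateway log or packet capture in place of the samples.

```python
"""Check the X-Authenticated-User ICAP header a web gateway sends to
McAfee DLP Prevent against the schemes the product guide lists
(WINNT, NTLM, LDAP).  Added example, not McAfee code.

The ICAP requests below are constructed.  The identity layout after the
scheme prefix (NTLM://DOMAIN\\user, WINNT://DOMAIN\\user, LDAP://server/DN)
is an assumption; only the scheme prefixes come from the product guide.
"""
from typing import Dict, Optional

SUPPORTED_SCHEMES = {"WINNT", "NTLM", "LDAP"}
CRLF = "\r\n"


def build_icap_reqmod(auth_user: Optional[str]) -> str:
    """Build a minimal ICAP REQMOD request (constructed sample data).

    auth_user is the raw X-Authenticated-User value, or None to omit the
    header, as a gateway without user authentication would."""
    http_part = CRLF.join([
        "POST /upload HTTP/1.1",
        "Host: www.example.test",
        "Content-Type: text/plain",
        "", "",
    ])
    icap_headers = [
        "REQMOD icap://dlp-prevent.example.test/reqmod ICAP/1.0",
        "Host: dlp-prevent.example.test",
    ]
    if auth_user is not None:
        icap_headers.append(f"X-Authenticated-User: {auth_user}")
    icap_headers.append(f"Encapsulated: req-hdr=0, null-body={len(http_part)}")
    return CRLF.join(icap_headers) + CRLF + CRLF + http_part


def parse_icap_headers(raw: str) -> Dict[str, str]:
    """Return the ICAP-level headers (before the first blank line),
    lower-cased, without touching the encapsulated HTTP headers."""
    head = raw.split(CRLF + CRLF, 1)[0]
    headers: Dict[str, str] = {}
    for line in head.split(CRLF)[1:]:      # [0] is the ICAP request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def check_authenticated_user(raw_icap: str, directory: str) -> dict:
    """Classify the X-Authenticated-User header for user-based rule matching.

    directory is "ad" or "openldap" (assumed labels for the directory type
    the appliance is registered against).  The returned dict carries the
    scheme, the user identity and a 'problem' string when a user-based
    rule cannot match on this header."""
    headers = parse_icap_headers(raw_icap)
    value = headers.get("x-authenticated-user")
    if value is None:
        return {"scheme": None, "identity": None,
                "problem": "header missing; only rules for Any User can match"}
    scheme, sep, identity = value.partition("://")
    if not sep:
        return {"scheme": None, "identity": value,
                "problem": "no scheme prefix (expected WINNT://, NTLM:// or LDAP://)"}
    scheme = scheme.upper()
    if scheme not in SUPPORTED_SCHEMES:
        return {"scheme": scheme, "identity": identity,
                "problem": f"unsupported scheme {scheme}"}
    if scheme == "NTLM" and directory == "openldap":
        return {"scheme": scheme, "identity": identity,
                "problem": "NTLM with OpenLDAP is not supported"}
    if scheme == "LDAP":
        # Assumed layout LDAP://server/DN.  DLP Prevent looks the user up by
        # distinguishedName, so what follows the server must look like a DN
        # (at least one attr=value RDN).  With no server part, treat the whole
        # identity as the DN.
        server, sep, dn = identity.partition("/")
        if not sep:
            dn = server
        if "=" not in dn:
            return {"scheme": scheme, "identity": identity,
                    "problem": "LDAP identity is not a distinguishedName"}
        identity = dn
    return {"scheme": scheme, "identity": identity, "problem": None}


if __name__ == "__main__":
    samples = {
        "ad/LDAP": ("ad", "LDAP://dc.example.test/CN=Alice,OU=Sales,DC=example,DC=test"),
        "ad/NTLM": ("ad", "NTLM://EXAMPLE\\alice"),
        "openldap/NTLM": ("openldap", "NTLM://EXAMPLE\\alice"),
        "ad/missing": ("ad", None),
    }
    for label, (directory, value) in samples.items():
        print(label, check_authenticated_user(build_icap_reqmod(value), directory))
```

The parser deliberately stops at the first blank line so that headers inside the encapsulated HTTP request (which the client, not the gateway, controls) are never mistaken for the gateway's X-Authenticated-User header.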

DLP_RS (McAfee Employee)
Message 5 of 6

Re: DLP-Monitor: If apply data protection rules to LDAP users, it's not working


Are you still seeing this issue? Please let us know. 

eg123
Level 9
Message 6 of 6 (Accepted Solution)

Re: DLP-Monitor: If apply data protection rules to LDAP users, it's not working


The exact description of this issue should be: email protection rule not working if applied to an OU.

Logged a case with support, who confirmed it's a bug that will be fixed in 11.3.
