cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
eg123
Level 9
Report Inappropriate Content
Message 1 of 6
‎06-09-2019 11:31 AM

DLP-Monitor: If apply data protection rules to LDAP users, it's not working

Jump to solution

Hi Guys,

Greetings, i'm testing LDAP feature with DLP-Monitor in my lab but found if apply data protection rules to LDAP users, the rules will not work.

For example, Email Protection Rule-> Sender + belongs to one of end-user groups(OR):

Snipaste_2019-06-10_02-21-29.png

Test web post rule, not working as well..

DLP-Monitor 11.2 installed on ESXi, can confirm appliance has latest policies applied. also run #scm sanity_info no errors found.

 

Below are the details of my configurations:

1. ePO reg server:

1.png

2. Appliance settings:

2.png

 

any where went wrong or did i missed someting? btw the rules work good if not using LDAP. thanks in advance.

0 Kudos
Reply
1 Solution

Accepted Solutions
eg123
Level 9
Report Inappropriate Content
Message 6 of 6
‎06-24-2019 06:57 AM

Re: DLP-Monitor: If apply data protection rules to LDAP users, it's not working

Jump to solution

The exact description of this issue should be: email protection rule not working if apply to OU.

 

Logged a case to support and confirmed it's a bug and will be fixed at 11.3.

View solution in original post

0 Kudos
Reply
5 Replies
DLP_RS
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 6
‎06-11-2019 12:59 AM

Re: DLP-Monitor: If apply data protection rules to LDAP users, it's not working

Jump to solution

Please check for couple of details.

 

1. What happens if we use Any User instead of a particular User Group? If AD is configured, we still should get user information?

2. Can you please share the sanity test results?

scm sanity_info

3. If you can attach MER , then I can check it for you.

 

0 Kudos
Reply
DLP_RS
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 6
‎06-12-2019 01:27 AM

Re: DLP-Monitor: If apply data protection rules to LDAP users, it's not working

Jump to solution
Please share if any update is there regarding the suggestions, Thanks.
0 Kudos
Reply
DLP_RV
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 6
‎06-12-2019 03:22 AM

Re: DLP-Monitor: If apply data protection rules to LDAP users, it's not working

Jump to solution

Run the MER tool on DLP Monitor, unzip the MER logs and check report.html.

On right hand corner there will be a drop down, select the "System Tests". Check sections "Check for LDAP Connectivity" and "List netbios details from LDAP database".

 

There should be no errors in that section of the report. If there are any problems fix that and the configured rules should work.

For Web Protection rules, do check the format in which the authenticated user is sent from the web 

When applying web protection rules, McAfee DLP Prevent can get user information from:

X-Authenticated-User ICAP request header sent from the web gateway.
McAfee Logon Collector

Supported authentication schemes
The McAfee DLP Prevent appliance supports the WINNT, NTLM, and LDAP authentication schemes to process the X-Authenticated-User header from the web gateway.

The McAfee DLP Prevent appliance expects the format for the X-Authenticated-User header to be in one of these formats for Active Directory:

NTLM — NTLM://
WINNT — WINNT://
NOTE: NTLM with OpenLDAP is not supported.
With LDAP, McAfee DLP Prevent expects the X-Authenticated-User header to be in the format LDAP:// for Active Directory and OpenLDAP.

NOTE: McAfee DLP Prevent uses the distinguishedName LDAP attribute to retrieve user details for web protection rules. Verify that your LDAP server exposes this attribute to ensure that the LDAP authentication scheme works correctly.

https://docs.mcafee.com/bundle/data-loss-prevention-11.0.400-product-guide-epolicy-orchestrator/page...

0 Kudos
Reply
DLP_RS
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 6
‎06-20-2019 03:25 AM

Re: DLP-Monitor: If apply data protection rules to LDAP users, it's not working

Jump to solution

Are you still seeing this issue? Please let us know. 

0 Kudos
Reply
eg123
Level 9
Report Inappropriate Content
Message 6 of 6
‎06-24-2019 06:57 AM

Re: DLP-Monitor: If apply data protection rules to LDAP users, it's not working

Jump to solution

The exact description of this issue should be: email protection rule not working if apply to OU.

 

Logged a case to support and confirmed it's a bug and will be fixed at 11.3.

View solution in original post

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com

Legal   |   Privacy   |   Copyright © 2020 McAfee, LLC