Hi guys,
Greetings. I'm testing the LDAP feature with DLP-Monitor in my lab, but found that if I apply data protection rules to LDAP users, the rules do not work.
For example, Email Protection Rule -> Sender + belongs to one of end-user groups (OR):
Tested a web post rule, not working as well.
DLP-Monitor 11.2 installed on ESXi; can confirm the appliance has the latest policies applied. Also ran #scm sanity_info, no errors found.
Below are the details of my configurations:
1. ePO reg server:
2. Appliance settings:
Anywhere I went wrong, or did I miss something? BTW, the rules work fine if not using LDAP. Thanks in advance.
The exact description of this issue should be: email protection rule not working if applied to an OU.
Logged a case with support and confirmed it's a bug that will be fixed in 11.3.
Please check a couple of details.
1. What happens if you use Any User instead of a particular User Group? If AD is configured, we should still get user information?
2. Can you please share the sanity test results?
scm sanity_info
3. If you can attach a MER, then I can check it for you.
Run the MER tool on DLP Monitor, unzip the MER logs and check report.html.
In the right-hand corner there will be a drop-down; select "System Tests". Check the sections "Check for LDAP Connectivity" and "List netbios details from LDAP database".
There should be no errors in that section of the report. If there are any problems fix that and the configured rules should work.
For Web Protection rules, do check the format in which the authenticated user is sent from the web
When applying web protection rules, McAfee DLP Prevent can get user information from:
X-Authenticated-User ICAP request header sent from the web gateway.
McAfee Logon Collector
Supported authentication schemes
The McAfee DLP Prevent appliance supports the WINNT, NTLM, and LDAP authentication schemes to process the X-Authenticated-User header from the web gateway.
The McAfee DLP Prevent appliance expects the format for the X-Authenticated-User header to be in one of these formats for Active Directory:
NTLM — NTLM://
WINNT — WINNT://
NOTE: NTLM with OpenLDAP is not supported.
With LDAP, McAfee DLP Prevent expects the X-Authenticated-User header to be in the format LDAP:// for Active Directory and OpenLDAP.
NOTE: McAfee DLP Prevent uses the distinguishedName LDAP attribute to retrieve user details for web protection rules. Verify that your LDAP server exposes this attribute to ensure that the LDAP authentication scheme works correctly.
Are you still seeing this issue? Please let us know.
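To check the first of the two user-information sources above (the X-Authenticated-User ICAP header), the following is an added example written for this thread; it is not McAfee code and not from the original post. It parses a constructed ICAP REQMOD header block, pulls out X-Authenticated-User, checks that the scheme prefix is one of NTLM://, WINNT:// or LDAP://, flags the unsupported NTLM-with-OpenLDAP combination, and, for LDAP, checks that what follows the prefix looks like a distinguishedName. Everything after the scheme prefix (domain\user for NTLM/WINNT, a DN for LDAP), the port and host names, and the DN check itself are assumptions, not formats taken from the McAfee documentation.

```python
"""Sanity-check the X-Authenticated-User header a web gateway sends to DLP Prevent
over ICAP.  Example code for this thread, not McAfee's own.  The layout of the
value after the scheme prefix is an assumption; only the prefixes come from the post."""
import re
from typing import Optional, Tuple

# Authentication schemes the post lists for the X-Authenticated-User header.
SUPPORTED_SCHEMES = {"NTLM", "WINNT", "LDAP"}

# Which schemes the post says apply to each directory type.
# NTLM with OpenLDAP is explicitly unsupported; WINNT is only listed for AD.
SCHEMES_BY_DIRECTORY = {
    "ad": {"NTLM", "WINNT", "LDAP"},
    "openldap": {"LDAP"},
}

# Constructed ICAP REQMOD header block, as a web gateway might send it (sample data).
SAMPLE_ICAP_REQMOD = (
    "REQMOD icap://dlp-prevent.example.local:1344/reqmod ICAP/1.0\r\n"
    "Host: dlp-prevent.example.local\r\n"
    "X-Client-IP: 10.0.0.25\r\n"
    "X-Authenticated-User: LDAP://CN=Jane Doe,OU=Sales,DC=example,DC=local\r\n"
    "Encapsulated: req-hdr=0, req-body=312\r\n"
    "\r\n"
)


def icap_header(block: str, name: str) -> Optional[str]:
    """Return the value of an ICAP header (name matched case-insensitively), or None."""
    for line in block.split("\r\n"):
        if ":" not in line:
            continue  # request line, blank line or malformed line
        key, _, value = line.partition(":")
        if key.strip().lower() == name.lower():
            return value.strip()
    return None


def parse_authenticated_user(value: str) -> Tuple[str, str]:
    """Split 'SCHEME://principal' into (SCHEME, principal).
    Raises ValueError when the prefix is missing, unknown, or the principal is empty."""
    m = re.fullmatch(r"([A-Za-z]+)://(.*)", value.strip())
    if not m:
        raise ValueError(f"no scheme prefix in X-Authenticated-User: {value!r}")
    scheme, principal = m.group(1).upper(), m.group(2)
    if scheme not in SUPPORTED_SCHEMES:
        raise ValueError(f"unsupported scheme {scheme}")
    if not principal:
        raise ValueError("empty principal after scheme prefix")
    return scheme, principal


def looks_like_dn(principal: str) -> bool:
    """Assumed check: an LDAP principal should be a distinguishedName, i.e. one or
    more 'attr=value' RDNs separated by unescaped commas (RFC 4514 style)."""
    rdns = re.split(r"(?<!\\),", principal)
    return all(re.fullmatch(r"\s*[A-Za-z][A-Za-z0-9-]*=.+", rdn) for rdn in rdns)


def check_header(block: str, directory: str) -> dict:
    """Evaluate the header against the directory type ('ad' or 'openldap').
    Returns scheme, principal and a list of problems (empty list means it looks fine)."""
    value = icap_header(block, "X-Authenticated-User")
    if value is None:
        return {"scheme": None, "principal": None,
                "problems": ["header missing: the gateway is not sending X-Authenticated-User"]}
    try:
        scheme, principal = parse_authenticated_user(value)
    except ValueError as err:
        return {"scheme": None, "principal": value, "problems": [str(err)]}
    problems = []
    if scheme not in SCHEMES_BY_DIRECTORY[directory]:
        problems.append(f"{scheme} is not supported with {directory}")
    if scheme == "LDAP" and not looks_like_dn(principal):
        problems.append("LDAP principal is not a distinguishedName")
    return {"scheme": scheme, "principal": principal, "problems": problems}


if __name__ == "__main__":
    print(check_header(SAMPLE_ICAP_REQMOD, "ad"))
```

Feed it the REQMOD header block captured between the gateway and the appliance (a packet capture on port 1344 is enough, since ICAP headers are plaintext) and the directory type you registered; an empty problems list means the identity reaching DLP Prevent is at least in a shape it can look up, so the remaining suspects are the LDAP connectivity and netbios sections of the MER report.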