IBM QRadar SOAR

  • 1.  LDAP Utilities: Search, extra characters in table.

    Posted Thu April 04, 2019 04:35 PM
    We are using the LDAP Utilities Search function to query a user using their email address.  The field in AD has extra characters (CN=, OU=...)

    Is there a way we can parse the data during the pre/post processing script so it will be readable in the data table?

    We want the data in the manager column to be presented like the data in the title column.

    ------------------------------
    Gerald Trueblood
    ------------------------------


  • 2.  RE: LDAP Utilities: Search, extra characters in table.

    Posted Fri April 05, 2019 03:40 AM
    Hi Gerald,

    Thank you for reaching out to us through our Community Forum!

    If you could post the post-process script of the LDAP Search Function I could help modify it so it displays the data in the Manager column more clearly...

    Shane

    ------------------------------
    Shane Curtin
    Integrations Engineer - IBM Resilient
    ------------------------------



  • 3.  RE: LDAP Utilities: Search, extra characters in table.
    Best Answer

    Posted Fri April 05, 2019 12:53 PM
    Hi Gerald,

    Thank you for your message. I am posting back here in the Discussion to help others in the community in the future.

    So the manager's name you require is contained in a String Representation of a Distinguished Name (DN/CN) and an example would be: "CN=John D.\, Smith, OU=Group ABC, OU=Users"

    To parse the manager's name from this String, I suggest using Regex. Here is an example script to explain:

    import re
    
    # Sample string representation of a manager DN as returned by AD
    sample_dn = "CN=John D.\, Smith, OU=Group ABC, OU=Users"
    
    log.info(sample_dn)
    
    # Split on every "XX=" attribute marker (kept in the result because of the capture group).
    # Element [0] is the empty text before "CN=", [1] is "CN=", [2] is the value that follows it.
    manager_cn_split = re.split(r"([A-Z]{2}=)", sample_dn)
    manager_name = manager_cn_split[2]
    
    log.info(manager_name)

    Then combining the above script with your post-process, the result would be:

    import re
    
    ## LDAP Utilities: Search - pre-processing script ##
    inputs.ldap_search_base = "#########"
    inputs.ldap_search_filter = "(&(objectClass=person)(mail=%ldap_param%))"
    inputs.ldap_search_attributes = "samaccountName,cn,company,mail,telephoneNumber,department,extensionAttribute6,title,manager"
    inputs.ldap_search_param = artifact.value
    
    ## LDAP Utilities: Search - post-processing script ##
    
    # Globals
    ENTRY_TO_DATATABLE_MAP = {
     "sAMAccountName": "dt_parties_involved_employeeid",
     "cn": "dt_parties_involved_fullname",
     "company": "dt_parties_involved_company",
     "mail": "dt_parties_involved_email_address",
     "department": "dt_parties_involved_department",
     "manager": "dt_parties_involved_manager",
     "title": "dt_parties_involved_title",
     "extensionAttribute6": "dt_parties_involved_elevatedaccount",
     "telephoneNumber": "dt_parties_involved_telephonenumber"
    }
    
    # Processing if the function is a success
    if(results.success):
        incident.properties.show_ldap_tab = "1"
    
        for entry in results["entries"]:
    
            if entry is None:
                break
    
            else:
                # Add Row
                row = incident.addRow("dt_parties_involved")
                incident.addArtifact("employee_sam_account_name", entry["sAMAccountName"], "Employee ID")
    
                for k in ENTRY_TO_DATATABLE_MAP:
    
                    # Attribute missing or null: fill the column and move on
                    # (falling through to len() on None would raise an uncaught TypeError)
                    if entry.get(k) is None:
                        row[ENTRY_TO_DATATABLE_MAP[k]] = "N/A"
                        continue
    
                    try:
                        # if 'entry[k]' is empty
                        if len(entry[k]) == 0:
                            row[ENTRY_TO_DATATABLE_MAP[k]] = "N/A"
    
                        # Handle for Active Directory (single unicode string)
                        elif isinstance(entry[k], unicode):
                            row[ENTRY_TO_DATATABLE_MAP[k]] = entry[k]
    
                        # Handle for OpenLdap (list of values; take the first)
                        else:
                            row[ENTRY_TO_DATATABLE_MAP[k]] = entry[k][0]
    
                        # Parse manager name from CN: split on the "XX=" markers,
                        # element [2] is the text after the first marker ("CN=");
                        # drop the trailing ", " that precedes the next RDN
                        if k == "manager":
                            manager_cn = row[ENTRY_TO_DATATABLE_MAP[k]]
                            manager_cn_split = re.split(r"([A-Z]{2}=)", manager_cn)
                            manager_name = manager_cn_split[2].rstrip(", ")
                            row[ENTRY_TO_DATATABLE_MAP[k]] = manager_name
    
                    except (IndexError, KeyError, TypeError):
                        # No "CN=" marker in the value, missing key, or unexpected type
                        row[ENTRY_TO_DATATABLE_MAP[k]] = "N/A"

    The main changes to the script:
    • Importing re
    • Handling if the key == "manager" and parsing the manager name
    • Removed the cast to str() for the entry - in order to handle Unicode

    Hopefully the above helps!

    Shane.

    ------------------------------
    Shane Curtin
    Integrations Engineer - IBM Resilient
    ------------------------------
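    The regex split in the accepted answer takes the text after the first "XX=" marker, so for the quoted DN "CN=John D.\, Smith, OU=Group ABC, OU=Users" it yields "John D.\, Smith, ": the RFC 4514 escape "\," survives and the separator to the next RDN is carried along. The script below is an added example, not code from the thread or from the LDAP Utilities function. It parses the DN properly (backslash escapes and "\HH" hex escapes, including UTF-8 runs), extracts the CN for the manager column, and keeps the thread's regex approach alongside for comparison. The parse_dn, manager_display_name, regex_first_value and datatable_value names and the sample DNs are constructed for this example.

```python
import re

# Two hex digits, as used by RFC 4514 "\HH" escapes inside a DN value.
_HEX_PAIR = re.compile(r"^[0-9A-Fa-f]{2}$")


def parse_dn(dn):
    """Parse an RFC 4514 string DN into an ordered list of (attribute, value) pairs.

    Unlike a split on "," or on "XX=", this honours escaping: "\\," keeps a literal
    comma inside the value, and "\\2C"-style hex bytes are decoded (UTF-8 runs such
    as "\\C3\\A9" become one character). Multi-valued RDNs ("CN=a+OU=b") are left
    intact with the "+" in the value.
    """
    pairs = []
    attr = []               # characters of the attribute type being read
    value = []              # decoded characters of the value being read
    pending = bytearray()   # hex-escaped bytes waiting to be UTF-8 decoded
    in_value = False
    i, n = 0, len(dn)

    def flush_pending():
        if pending:
            value.append(bytes(pending).decode("utf-8"))
            del pending[:]

    def close_rdn():
        flush_pending()
        pairs.append(("".join(attr).strip(), "".join(value)))
        del attr[:]
        del value[:]

    while i < n:
        ch = dn[i]
        if not in_value:
            if ch == "=":
                in_value = True
            else:
                attr.append(ch)
            i += 1
        elif ch == "\\":
            nxt = dn[i + 1:i + 3]
            if _HEX_PAIR.match(nxt):
                pending.append(int(nxt, 16))
                i += 3
            elif i + 1 < n:
                flush_pending()
                value.append(dn[i + 1])     # "\," "\\" "\+" "\ " and similar
                i += 2
            else:
                raise ValueError("dangling backslash at end of DN")
        elif ch == ",":
            close_rdn()
            in_value = False
            i += 1
        else:
            flush_pending()
            value.append(ch)
            i += 1

    if in_value:
        close_rdn()
    elif "".join(attr).strip():
        raise ValueError("RDN without '=': %r" % "".join(attr))
    return pairs


def manager_display_name(dn):
    """Return the first CN value of a manager DN, or None when the DN has no CN."""
    for attr, val in parse_dn(dn):
        if attr.lower() == "cn":
            return val
    return None


def regex_first_value(dn):
    """The thread's approach, for comparison: split on 'XX=' markers, take element [2]."""
    parts = re.split(r"([A-Z]{2}=)", dn)
    return parts[2] if len(parts) > 2 else None


def datatable_value(attribute, raw):
    """Cell value for one LDAP attribute, following the thread's post-process rules:
    None/empty -> "N/A"; list (OpenLDAP) -> first element; manager DN -> its CN.
    Hypothetical helper, not part of the LDAP Utilities function."""
    if raw is None or len(raw) == 0:
        return "N/A"
    val = raw[0] if isinstance(raw, (list, tuple)) else raw
    if attribute.lower() == "manager":
        try:
            return manager_display_name(val) or "N/A"
        except ValueError:      # malformed DN (UnicodeDecodeError is a ValueError too)
            return "N/A"
    return val


if __name__ == "__main__":
    # Constructed samples: the DN quoted in the thread, plus one with hex-escaped UTF-8
    for s in ["CN=John D.\\, Smith, OU=Group ABC, OU=Users",
              "CN=Jos\\C3\\A9 Mu\\C3\\B1oz,OU=Users,DC=example,DC=com"]:
        print("regex : %r" % regex_first_value(s))
        print("parsed: %r" % manager_display_name(s))
```

    The example is written for Python 3; inside a Resilient post-process script (Jython 2.7) the str/unicode handling would need adapting, but the parsing logic is the same. Running the CN through a real parser rather than a marker split matters for the data table because surnames with commas and non-ASCII names are exactly the entries AD escapes.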