x-pack/filebeat/input/entityanalytics/provider/activedirectory: do not consider computers to be users (#42796)

Active Directory classifies computers in the set of users, so
(objectClass=user) is not an adequately tight query to only return human
users. Adding the (objectCategory=person) condition resolves this.
efd6 authored Mar 4, 2025
1 parent eafca95 commit 058f4bd
Showing 2 changed files with 4 additions and 3 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
Expand Up @@ -229,6 +229,7 @@ otherwise no tag is added. {issue}42208[42208] {pull}42403[42403]
- [Journald] Fixes handling of `journalctl` restart. A known symptom was broken multiline messages when there was a restart of journalctl while aggregating the lines. {issue}41331[41331] {pull}42595[42595]
- Fix entityanalytics activedirectory provider full sync use before initialization bug. {pull}42682[42682]
- In the `http_endpoint` input, fix the check for a missing HMAC HTTP header. {pull}42756[42756]
- Prevent computer details being returned for user queries by Activedirectory Entity Analytics provider. {issue}11818[11818] {pull}42796[42796]

*Heartbeat*

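Review bot: The `{issue}11818[11818]` reference in the added changelog entry is far below the numbers used by the neighbouring entries (issues 41331 and 42208, pulls 42403 through 42796), so confirm that it names an issue in this repository; if the report was filed in another tracker, the macro will link to an unrelated item and a full URL would be safer. The entry also writes "Activedirectory", while the entry two lines above uses "activedirectory" for the same provider and the commit message uses "Active Directory"; pick one spelling.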
Expand Up @@ -86,9 +86,9 @@ func GetDetails(url, user, pass string, base *ldap.DN, since time.Time, userAttr
}

// Get users in the directory...
userFilter := "(objectClass=user)"
userFilter := "(&(objectCategory=person)(objectClass=user))"
if sinceFmtd != "" {
userFilter = "(&(objectClass=user)(whenChanged>=" + sinceFmtd + "))"
userFilter = "(&(objectCategory=person)(objectClass=user)(whenChanged>=" + sinceFmtd + "))"
}
usrs, err := search(conn, baseDN, userFilter, userAttrs, pagingSize)
if err != nil {
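Review bot: The `(&(objectCategory=person)(objectClass=user)` prefix is now written out separately in the initial `userFilter` assignment and in the `sinceFmtd` branch, and a third time in the changed-groups query later in `GetDetails`, with only the `// Get users in the directory...` comment beside it. Consider hoisting the prefix into one named constant, with a comment recording that computer accounts also match `objectClass=user`, and building the `whenChanged` variant from that constant. The commit changes only this file and the changelog, so a test that pins the generated filter strings would keep the computer exclusion from regressing.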
Expand Down Expand Up @@ -120,7 +120,7 @@ func GetDetails(url, user, pass string, base *ldap.DN, since time.Time, userAttr
for i, u := range modGrps {
modGrps[i] = "(memberOf=" + u + ")"
}
query := "(&(objectClass=user)(|" + strings.Join(modGrps, "") + ")"
query := "(&(objectCategory=person)(objectClass=user)(|" + strings.Join(modGrps, "") + ")"
usrs, err := search(conn, baseDN, query, userAttrs, pagingSize)
if err != nil {
errs = append(errs, fmt.Errorf("failed to collect users of changed groups%w: %w", ErrUsers, err))
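Review bot: In the changed-groups `query` line the string opens two groups, `(&` and `(|`, but the trailing literal is a single `)`, so as shown the filter ends with the outer `(&` unclosed. This predates the change, but since the line is being edited it is a good moment to make the closing literal `))`. The group values `u` are also concatenated into `(memberOf=...)` unescaped, so a group DN containing `(`, `)`, `*` or `\` would alter or break the filter; if `ldap` here is the go-ldap package, passing each value through `ldap.EscapeFilter` before building the term avoids that.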