x-pack/filebeat/input/entityanalytics/provider/activedirectory: do no…
…t consider computers to be users (#42796) (#43015)

Active Directory classifies computers in the set of users, so
(objectClass=user) is not an adequately tight query to only return human
users. Adding the (objectCategory=person) condition resolves this.

(cherry picked from commit 058f4bd)

Co-authored-by: Dan Kortschak <dan.kortschak@elastic.co>
mergify[bot] and efd6 authored Mar 4, 2025
1 parent b8416c8 commit 2393f81
Showing 2 changed files with 4 additions and 3 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.next.asciidoc
Expand Up @@ -190,6 +190,7 @@ otherwise no tag is added. {issue}42208[42208] {pull}42403[42403]
- Fix truncation of bodies in request tracing by limiting bodies to 10% of the maximum file size. {pull}42327[42327]
- Fix entityanalytics activedirectory provider full sync use before initialization bug. {pull}42682[42682]
- In the `http_endpoint` input, fix the check for a missing HMAC HTTP header. {pull}42756[42756]
- Prevent computer details being returned for user queries by Activedirectory Entity Analytics provider. {issue}11818[11818] {pull}42796[42796]

*Heartbeat*

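Review bot: The new changelog entry spells the provider "Activedirectory", while the entry two lines above it writes "entityanalytics activedirectory provider" in lower case. Use one spelling in both entries (or "Active Directory", as the commit message does) so the changelog can be searched by a single term.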
Expand Up @@ -86,9 +86,9 @@ func GetDetails(url, user, pass string, base *ldap.DN, since time.Time, userAttr
}

// Get users in the directory...
userFilter := "(objectClass=user)"
userFilter := "(&(objectCategory=person)(objectClass=user))"
if sinceFmtd != "" {
userFilter = "(&(objectClass=user)(whenChanged>=" + sinceFmtd + "))"
userFilter = "(&(objectCategory=person)(objectClass=user)(whenChanged>=" + sinceFmtd + "))"
}
usrs, err := search(conn, baseDN, userFilter, userAttrs, pagingSize)
if err != nil {
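Review bot: The prefix (&(objectCategory=person)(objectClass=user) is now written out in both userFilter literals here and again in the changed-groups query later in GetDetails, so a later change to what counts as a user can easily miss one of the three. Hoist it into a single named constant and build each filter from it. The comment "// Get users in the directory..." could also say why objectCategory=person is required (computers carry objectClass=user), since the filter alone does not explain it. The commit changes only this file and the changelog, so a test asserting that computer objects are excluded from the result would keep the fix from regressing.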
Expand Down Expand Up @@ -120,7 +120,7 @@ func GetDetails(url, user, pass string, base *ldap.DN, since time.Time, userAttr
for i, u := range modGrps {
modGrps[i] = "(memberOf=" + u + ")"
}
query := "(&(objectClass=user)(|" + strings.Join(modGrps, "") + ")"
query := "(&(objectCategory=person)(objectClass=user)(|" + strings.Join(modGrps, "") + ")"
usrs, err := search(conn, baseDN, query, userAttrs, pagingSize)
if err != nil {
errs = append(errs, fmt.Errorf("failed to collect users of changed groups%w: %w", ErrUsers, err))
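Review bot: The filter built on the new query line is unbalanced: it opens "(&" and "(|" but the trailing literal is a single ")", which closes only the OR group and leaves the outer AND open. The line it replaces had the same shape, so the closing literal should become "))" as part of this change. In the same expression, each group value is concatenated into "(memberOf=" + u + ")" unescaped, so a group DN containing "(", ")", "*" or a backslash alters the filter; if the ldap package here is go-ldap, passing u through ldap.EscapeFilter avoids that.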