
Why do user accounts in Cloud Insights Workload Security activity forensics display as LDAP:domain.com:s-X-X-XX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXXXX?

Applies to

  • Cloud Insights (CI)
  • Cloud Insights Workload Security

Answer

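  • Even when the User Directory Collector is correctly configured to resolve users for a given domain, user profile or activity forensics entries in Cloud Insights Workload Security may still fail to resolve the user. These entries may appear with a name or username similar to LDAP:domain.com:s-X-X-XX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXXXX.

    This is because the application fetches domain users based on the following query: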

    "(&(objectCategory=person)(objectClass=user))"
     
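  • If the LDAP entity's objectCategory is not equal to "person", the application does not fetch the object, so it is not resolved. To check the objectCategory value of an entry, SSH to the agent and query the LDAP server for the user.

    Example: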
    ldapsearch -o ldif-wrap=no -LLL -x -b "DC=domain,DC=com" -h ldap.domain.com -p 389 -D "CN=bindAccount,OU=Accounts,DC=domain,DC=com" -W "ObjectSID=s-X-X-XX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXXXX"
     
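  • You are prompted for the bind account password, and the entity data for the specified ObjectSID is then returned. Look for the objectCategory value to see whether it is "person". If it is not, the User Directory Collector will not fetch the entry.
     
  • If the LDAPS protocol is selected and only Unix user activity is resolved, change the collector's protocol to Active Directory and make sure the "uid" attribute is mapped correctly in the collector configuration. This resolves both Windows and Unix user activity.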

Additional Information

For computer and service accounts, the LDAP entity's objectCategory is not equal to "person", so these SIDs will not be resolved.
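
An added example (not from the original article or from NetApp tooling): a shell function that applies the collector's query to an entry returned by the ldapsearch check described above. It assumes Active Directory reports objectCategory as a schema DN such as CN=Person,CN=Schema,CN=Configuration,... and that computer accounts also carry objectClass user; the function names and sample entries are constructed.

```shell
#!/bin/sh
# Added example: decide whether one LDIF entry (from `ldapsearch -LLL -o ldif-wrap=no`)
# matches the collector query (&(objectCategory=person)(objectClass=user)).

# Constructed sample entry. $1 = schema class named in objectCategory,
# $2 = optional extra objectClass value. DNs are placeholders.
sample_entry() {
  printf 'dn: CN=example,DC=domain,DC=com\n'
  printf 'objectClass: top\nobjectClass: person\n'
  printf 'objectClass: organizationalPerson\nobjectClass: user\n'
  if [ -n "${2:-}" ]; then printf 'objectClass: %s\n' "$2"; fi
  printf 'objectCategory: CN=%s,CN=Schema,CN=Configuration,DC=domain,DC=com\n' "$1"
}

# Reads one LDIF entry on stdin and prints a one-line verdict.
classify_entry() {
  awk '
    { name = tolower($1)
      b64 = (name ~ /::$/)                 # "attr:: value" means base64-encoded
      sub(/:+$/, "", name)                 # attribute name without the colon(s)
      val = $0; sub(/^[^:]*:+ */, "", val) # everything after "attr: "
    }
    name == "objectclass" && tolower(val) == "user" { is_user = 1 }
    name == "objectcategory" {
      if (b64) { encoded = 1; next }
      cat = val
      sub(/,.*/, "", cat)                  # keep the first RDN of the schema DN
      sub(/^[Cc][Nn]=/, "", cat)           # "CN=Person" -> "Person"
    }
    END {
      if (encoded)                       print "unknown (objectCategory is base64-encoded)"
      else if (cat == "")                print "unknown (no objectCategory returned)"
      else if (tolower(cat) != "person") print "skipped (objectCategory=" cat ")"
      else if (!is_user)                 print "skipped (objectClass lacks user)"
      else                               print "fetched"
    }'
}

# Demo on the constructed entries: a user account and a computer account.
printf 'user:     %s\n' "$(sample_entry Person | classify_entry)"
printf 'computer: %s\n' "$(sample_entry Computer computer | classify_entry)"
```

Piping the output of the ldapsearch command shown earlier into classify_entry gives the same verdict for a real SID.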
