Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    What is behind this lookup in LDAP?

    Support
    ldap logs
    2
    2
    153
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scooke
      scooke last edited by girish

      This a few minutes ago I saw this in my logs:
      Jun 12 09:02:11 box:ldap user search: dn ou=users, dc=cloudron, scope sub, filter (|(mail=john-doe)(username=john-doe)) (from 172.18.0.43:48982) Running docker ps | grep 48982 doesn't return anything. Why would there be a search for a username that is in one of my apps? And whose user doesn't have an email address on my cloudron (except for their own email address they used to register in the respective app)?
      A little earlier there were these lines:
      Jun 12 09:00:00 box:ldap user search: dn ou=users, dc=cloudron, scope one, filter (&(&(objectclass=user))(|(username=*)(mail=*))) (from 172.18.0.4:55868) Jun 12 09:00:00 box:ldap user search: dn ou=users, dc=cloudron, scope sub, filter (|(username=me)) (from 172.18.0.4:55868), followed by Jun 12 09:01:37 box:ldap user search: dn ou=users, dc=cloudron, scope sub, filter (&(objectclass=user)(|(username=me)(mail=me))) (from 172.18.0.16:57074)
      And why does the internal IP keep changing? Are these all internal IPs of my different apps just querying the LDAP server? Makes sense, but why the one user, randomly (or does that show that this user actually simply just logged in)? Thank you!

      A life lived in fear is a life half-lived

      1 Reply Last reply Reply Quote 0
      • nebulon
        nebulon Staff last edited by

        Yes those log lines indicate a login attempt by an app. Each app makes the requests on the Cloudron local network. So different IPs indicate different apps.

        In your case it looks like someone/bot tries to login to some or your apps.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Powered by NodeBB