Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Help about LDAP

    Support
    ldap security firewall
    2
    2
    132
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • hatinvo
      hatinvo last edited by girish

      This a few minutes ago I saw this in my logs:
      Jun 12 09:02:11 box:ldap user search: dn ou=users, dc=cloudron, scope sub, filter (|(mail=john-doe)(username=john-doe)) (from 172.18.0.43:48982) Running docker ps | grep 48982 doesn't return anything. Why would there be a search for a username that is in one of my apps? And whose user doesn't have an email address on my cloudron (except for their own email address they used to register in the respective app)?
      A little earlier there were these lines:
      Jun 12 09:00:00 box:ldap user search: dn ou=users, dc=cloudron, scope one, filter (&(&(objectclass=user))(|(username=)(mail=))) (from 172.18.0.4:55868) Jun 12 09:00:00 box:ldap user search: dn ou=users, dc=cloudron, scope sub, filter (|(username=me)) (from 172.18.0.4:55868), followed by Jun 12 09:01:37 box:ldap user search: dn ou=users, dc=cloudron, scope sub, filter (&(objectclass=user)(|(username=me)(mail=me))) (from 172.18.0.16:57074)
      And why does the internal IP keep changing? Are these all internal IPs of my different apps just querying the LDAP server? Makes sense, but why the one user, randomly (or does that show that this user actually simply just logged in)? Thank you!

      1 Reply Last reply Reply Quote 0
      • nebulon
        nebulon Staff last edited by

        This appears to be someone/bot trying out common usernames in one of your apps. Unfortunately this is not too uncommon, but also not an a real issue if you have strong passwords. The requests will be rate-limited as well to prevent proper brute-force attacks.

        The internal IP is associated to an app, it may or may not change when an app is restarted. However the ldap logs might indicate there are multiple apps configured to use LDAP. The port is actually dynamic per request, so that is the reason why it does not show in docker ps/inspect

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Powered by NodeBB