Help about LDAP
-
A few minutes ago I saw this in my logs:
Jun 12 09:02:11 box:ldap user search: dn ou=users, dc=cloudron, scope sub, filter (|(mail=john-doe)(username=john-doe)) (from 172.18.0.43:48982)
Running docker ps | grep 48982 doesn't return anything. Why would there be a search for a username that is in one of my apps? And whose user doesn't have an email address on my cloudron (except for their own email address they used to register in the respective app)?
A little earlier there were these lines:
Jun 12 09:00:00 box:ldap user search: dn ou=users, dc=cloudron, scope one, filter (&(&(objectclass=user))(|(username=)(mail=))) (from 172.18.0.4:55868)
Jun 12 09:00:00 box:ldap user search: dn ou=users, dc=cloudron, scope sub, filter (|(username=me)) (from 172.18.0.4:55868)
followed by
Jun 12 09:01:37 box:ldap user search: dn ou=users, dc=cloudron, scope sub, filter (&(objectclass=user)(|(username=me)(mail=me))) (from 172.18.0.16:57074)
And why does the internal IP keep changing? Are these all internal IPs of my different apps just querying the LDAP server? Makes sense, but why the one user, randomly (or does that show that this user actually simply just logged in)? Thank you!
-
This appears to be someone/bot trying out common usernames in one of your apps. Unfortunately this is not too uncommon, but also not a real issue if you have strong passwords. The requests will be rate-limited as well to prevent proper brute-force attacks.
The internal IP is associated with an app; it may or may not change when an app is restarted. However, the LDAP logs might indicate there are multiple apps configured to use LDAP. The port is actually dynamic per request, so that is the reason why it does not show in docker ps/inspect.
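An added example, not part of the original posts and not Cloudron's own code: a small parser for the `box:ldap user search` lines quoted above that groups searched names by source IP (ignoring the per-request port) and reports names that match no existing account. The function name, the `known_users` set and the last sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# First four lines are the ones quoted in the thread; the last is constructed.
SAMPLE_LOG = """\
Jun 12 09:00:00 box:ldap user search: dn ou=users, dc=cloudron, scope one, filter (&(&(objectclass=user))(|(username=)(mail=))) (from 172.18.0.4:55868)
Jun 12 09:00:00 box:ldap user search: dn ou=users, dc=cloudron, scope sub, filter (|(username=me)) (from 172.18.0.4:55868)
Jun 12 09:01:37 box:ldap user search: dn ou=users, dc=cloudron, scope sub, filter (&(objectclass=user)(|(username=me)(mail=me))) (from 172.18.0.16:57074)
Jun 12 09:02:11 box:ldap user search: dn ou=users, dc=cloudron, scope sub, filter (|(mail=john-doe)(username=john-doe)) (from 172.18.0.43:48982)
Jun 12 09:02:15 box:ldap user search: dn ou=users, dc=cloudron, scope sub, filter (|(mail=admin)(username=admin)) (from 172.18.0.43:49010)
"""

# Captures the LDAP filter and the source address; the port is parsed but not
# used for grouping because it changes on every request.
LINE_RE = re.compile(
    r"box:ldap user search: .*?filter (?P<filter>.+) "
    r"\(from (?P<ip>[\d.]+):(?P<port>\d+)\)$"
)
# Pulls the value out of each (username=...) or (mail=...) term of the filter.
TERM_RE = re.compile(r"\((?:username|mail)=([^()]*)\)")


def unknown_lookups(log_text, known_users):
    """Return {source_ip: sorted names searched for that are not known accounts}."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        for name in TERM_RE.findall(m.group("filter")):
            name = name.strip().lower()
            # Empty values come from template searches such as (username=).
            if name and name not in known_users:
                hits[m.group("ip")].add(name)
    return {ip: sorted(names) for ip, names in hits.items()}


if __name__ == "__main__":
    # known_users is hypothetical: fill it with your real usernames and mail addresses.
    for ip, names in unknown_lookups(SAMPLE_LOG, {"me"}).items():
        print(f"{ip}: {len(names)} unknown name(s) searched: {', '.join(names)}")
```

A source IP that accumulates many unknown names points at the app whose login form is being probed, which is where a stricter login policy would go.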