[DC] LDAP connector #300
[DC] LDAP connector #300
Conversation
src/connectors/ldap.py
Outdated
| 'name': 'prefix', | ||
| 'title': "Prefix Filter", | ||
| 'prompt': "The folder in LDAP Log Bucket where logs are collected", | ||
| 'default': "ldap/", |
There was a problem hiding this comment.
how common is default? is it something only we have?
There was a problem hiding this comment.
IIRC ldap logs are ingested to S3 via FluentD, so there's not really a meaningful default to put here; it's what we set up when we configured fluentd.
src/connectors/ldap.py
Outdated
| pipe = f'data.{base_name}_pipe' | ||
| table = next(db.fetch(f"SHOW TABLES LIKE '{base_name}_connection' IN data")) | ||
| options = yaml.load(table['comment']) | ||
| stage = options.get('existing_stage', f'data.{base_name}_stage') |
There was a problem hiding this comment.
I think in order for this to work, you have to add the existing_stage to the yaml_dump call above?
There was a problem hiding this comment.
Ah, good catch; the stage I was using adhered to the 'data.{base_name}_stage' format, which is why this made it through testing.
src/connectors/__init__.py
Outdated
| @@ -12,6 +12,7 @@ | |||
| from . import tenable_settings | |||
| from . import crowdstrike_devices | |||
| from . import cisco_umbrella | |||
| from . import ldap | |||
There was a problem hiding this comment.
I remember regretting the okta without _log and we have it elsewhere, so might it make more sense to call this ldap_logs? no super strong intuition here, but t might be separate from ldap_settings or ldap_accounts?
There was a problem hiding this comment.
It was azure.py that we regretted (okta.py still exists), but your point is well taken.
Tested by running the UI locally and creating the connection, verifying that the files are ingested properly, and then dropping everything but the stage and creating the connection again using the existing stage flow.