-
Notifications
You must be signed in to change notification settings - Fork 57
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[DC] LDAP connector #300
[DC] LDAP connector #300
Conversation
src/connectors/ldap.py
Outdated
'name': 'prefix', | ||
'title': "Prefix Filter", | ||
'prompt': "The folder in LDAP Log Bucket where logs are collected", | ||
'default': "ldap/", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
how common is default? is it something only we have?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IIRC ldap logs are ingested to S3 via FluentD, so there's not really a meaningful default to put here; it's what we set up when we configured fluentd.
src/connectors/ldap.py
Outdated
pipe = f'data.{base_name}_pipe' | ||
table = next(db.fetch(f"SHOW TABLES LIKE '{base_name}_connection' IN data")) | ||
options = yaml.load(table['comment']) | ||
stage = options.get('existing_stage', f'data.{base_name}_stage') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think in order for this to work, you have to add the existing_stage
to the yaml_dump
call above?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, good catch; the stage I was using adhered to the 'data.{base_name}_stage' format, which is why this made it through testing.
src/connectors/__init__.py
Outdated
@@ -12,6 +12,7 @@ | |||
from . import tenable_settings | |||
from . import crowdstrike_devices | |||
from . import cisco_umbrella | |||
from . import ldap |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I remember regretting the okta
without _log
and we have it elsewhere, so might it make more sense to call this ldap_logs
? no super strong intuition here, but t might be separate from ldap_settings
or ldap_accounts
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It was azure.py that we regretted (okta.py still exists), but your point is well taken.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
Tested by running the UI locally and creating the connection, verifying that the files are ingested properly, and then dropping everything but the stage and creating the connection again using the existing stage flow.