Question

LDAP from iData agent

  • 15 February 2021
  • 7 replies

Userlevel 2
Badge +4

Our security team enabled some more logging and found the below request. I think it’s a legit request from our commcell, but I’m not able to find any log files where I can see the requests.

Does anyone know in what log file I can look for them?

//Henke



Userlevel 4
Badge +11

Hey @Henke!  Without giving actual server names, can you confirm who this client is making the requests to?  Is it the Commserve?  A webserver?

I would start with CVD.log for the specified times (factoring in the time zone of the security log vs the client or other servers) as a start.

What iDa is on that client?  That would help build some context as well.

Thanks!

Userlevel 2
Badge +4

Hey @Mike Struening, it’s sending the request to one of the domain controllers. It has the AD iData agent so it would make perfect sense for it to send the request.

I’ll have a look in the Cvd.log on the client, thanks.

//Henke

Userlevel 4
Badge +11

Ah, yeah that makes perfect sense.  I was thinking perhaps an exchange agent, but AD makes sense for sure.

Keep me posted!

Userlevel 4
Badge +11

Hey @Henke, any luck on the CVD log messages?

Thanks!

Userlevel 2
Badge +4

@Mike Struening, no luck in that log on the client from what I could see.

//Henke

Badge +1

Where is the source of the LDAP query that is being made to the DC with the AD ida installed on it? 

Userlevel 4
Badge +11

Appreciate the reply.  

Quick clarification:

Which machine is the SENDER and which is the RECIPIENT?

Is that the Commserve sending to the Active Directory iDA client?

Want to be sure we are checking the right servers with the proper expectations.

Thanks!
