Client service crashes when AD Lookup occurs for an account that does not reside in an OU

[mr-burnse]

Relevant Module : FalconOrchestrator.LDAP

Description

When the AD Lookup rule is enabled, if a given user account exists in Active Directory but does not reside in an OU (i.e. is in the default Users folder), the client service will throw an unhandled error due to code on line 199 of FalconOrchestrator.LDAP.UserManager.GetMetaData() since the DistinguishedName property value does not contain "OU=".

model.OrganizationalUnit = dn.Substring(dn.IndexOf("OU="));

Expected Result

If an account does not reside in an OU and the "OU=" string does not exist in the DN, return a NULL value for OU to the client.

Error Message

The following error message is shown in RunLog.txt and the client service crashes.

2016-05-27 16:19:10,932 FATAL FalconOrchestrator.Client.FalconOrchestratorService - An unhandled error occured
System.ArgumentOutOfRangeException: StartIndex cannot be less than zero.
Parameter name: startIndex
  at System.String.Substring(Int32 startIndex, Int32 length)
  at FalconOrchestrator.LDAP.UserManager.GetMetaData()
  at FalconOrchestrator.Client.ADLookup.LdapQuery()
  at FalconOrchestrator.Client.ADLookup.Execute()
  at FalconOrchestrator.Client.DetectionModel.<>c.<Save>b__5_1(Rule x)
  at System.Collections.Generic.List`1.ForEach(Action`1 action)
  at FalconOrchestrator.Client.DetectionModel.Save()
  at FalconOrchestrator.Client.FalconOrchestratorService.ProcessStream(Stream firehose)
  at FalconOrchestrator.Client.FalconOrchestratorService.Invoke()