This repository has been archived by the owner on Jan 17, 2024. It is now read-only.

Client service crashes when AD Lookup occurs for an account that does not reside in an OU #2

Open
mr-burnse opened this issue May 28, 2016 · 0 comments

@mr-burnse

Relevant Module : FalconOrchestrator.LDAP

Description

When the AD Lookup rule is enabled, if a given user account exists in Active Directory but does not reside in an OU (i.e. is in the default Users folder), the client service will throw an unhandled error due to code on line 199 of FalconOrchestrator.LDAP.UserManager.GetMetaData() since the DistinguishedName property value does not contain "OU=".

model.OrganizationalUnit = dn.Substring(dn.IndexOf("OU="));

Expected Result

If an account does not reside in an OU and the "OU=" string does not exist in the DN, return a NULL value for OU to the client.

Error Message

The following error message is shown in RunLog.txt and the client service crashes.

2016-05-27 16:19:10,932 FATAL FalconOrchestrator.Client.FalconOrchestratorService - An unhandled error occured
System.ArgumentOutOfRangeException: StartIndex cannot be less than zero.
Parameter name: startIndex
  at System.String.Substring(Int32 startIndex, Int32 length)
  at FalconOrchestrator.LDAP.UserManager.GetMetaData()
  at FalconOrchestrator.Client.ADLookup.LdapQuery()
  at FalconOrchestrator.Client.ADLookup.Execute()
  at FalconOrchestrator.Client.DetectionModel.<>c.<Save>b__5_1(Rule x)
  at System.Collections.Generic.List`1.ForEach(Action`1 action)
  at FalconOrchestrator.Client.DetectionModel.Save()
  at FalconOrchestrator.Client.FalconOrchestratorService.ProcessStream(Stream firehose)
  at FalconOrchestrator.Client.FalconOrchestratorService.Invoke()
@mr-burnse mr-burnse added the bug label May 28, 2016
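
One way to implement the expected result described in the issue, as an added example (not the project's own code or its eventual fix); `DnHelper` and `GetOrganizationalUnit` are hypothetical names and the sample DNs are constructed. It goes slightly beyond the issue by matching `OU=` only at the start of an RDN, so text inside a CN value that contains "OU=" after an escaped comma is not mistaken for an OU; it assumes backslash-escaped DNs as Active Directory returns them.

```csharp
using System;

public static class DnHelper
{
    // Returns the DN from its first OU component onward, or null when the
    // account sits in a container such as CN=Users and has no OU component.
    public static string GetOrganizationalUnit(string dn)
    {
        if (string.IsNullOrEmpty(dn)) return null;

        int start = 0;                       // index where the current RDN begins
        for (int i = 0; i <= dn.Length; i++)
        {
            bool atEnd = i == dn.Length;
            // A backslash escapes the next character (e.g. "\,"), so skip it.
            if (!atEnd && dn[i] == '\\') { i++; continue; }
            // An RDN ends at an unescaped comma or at the end of the string.
            if (!atEnd && dn[i] != ',') continue;

            string rdn = dn.Substring(start, i - start).TrimStart();
            if (rdn.StartsWith("OU=", StringComparison.OrdinalIgnoreCase))
                return dn.Substring(start).TrimStart();
            start = i + 1;
        }
        return null;                         // no OU component: no exception, just null
    }

    public static void Main()
    {
        // Constructed sample DNs, not taken from the issue.
        string[] samples =
        {
            "CN=Jane Doe,OU=Staff,OU=HQ,DC=example,DC=com",   // account inside an OU
            "CN=John Doe,CN=Users,DC=example,DC=com",         // default Users container
            "CN=Doe\\, OU=Fake,CN=Users,DC=example,DC=com"    // "OU=" inside an escaped CN value
        };
        foreach (string dn in samples)
            Console.WriteLine("{0} -> {1}", dn, GetOrganizationalUnit(dn) ?? "(null)");
    }
}
```

Because the helper returns null instead of throwing, a caller such as the AD Lookup rule can store an empty OU and keep processing the detection stream.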