Usernames not understandable in log file

tevfikceydeliler · March 18, 2022, 1:54pm

Hi,
My all users are AD LDAP users. And their nextcloud usernames not meaningful when I look at SIEM or log files
For example:

{
  "reqId": "YjSLrO0EsIvuUGpFEquijQAAAAU",
  "level": 1,
  "time": "18.03.2022, 16:39:56",
  "remoteAddr": "10.32.11.151",
  "user": "2BE98F99-8969-4CEA-9F71-FC6CB5970795",
  "app": "admin_audit",
  "method": "DELETE",
  "url": "/nextcloud/remote.php/dav/files/2BE98F99-8969-4CEA-9F71-FC6CB5970795/ders%20notu%202.docx",
  "message": "File deleted: \"/ders notu 2.docx\"",
  "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36",
  "version": "23.0.2.1"
}

One of log line. The “user”: “2BE98F99-8969-4CEA-9F71-FC6CB5970795”, raw is not meaningful admin.
I can check it from user list ofcourse but, what if that user deleted from LDAP and nextcloud and I needed to check it for an audit or something
As a result, Is there a wat yo map LDAP username and nextcloud username method?

Regards,

tevfikceydeliler · April 5, 2022, 7:40am

There is no idea?

terhand · September 11, 2022, 5:23pm

Tevfik Thank you for your message. Did you find the answer?

JimmyKater · September 11, 2022, 5:28pm

as less as I understand from it, this “Code” is UID and not User-name.

And as far as I know you can assign certain values from your AD LDAP to variables of NC-LDAP, so to say: you can map them. I bet NC-anmual knows more about how to doing that.

tevfikceydeliler · September 12, 2022, 7:15am

Yes exactly.
I ned mapping LDAP names-NCUID mapping in log .