Hi,
My all users are AD LDAP users. And their nextcloud usernames not meaningful when I look at SIEM or log files
For example:
{
"reqId": "YjSLrO0EsIvuUGpFEquijQAAAAU",
"level": 1,
"time": "18.03.2022, 16:39:56",
"remoteAddr": "10.32.11.151",
"user": "2BE98F99-8969-4CEA-9F71-FC6CB5970795",
"app": "admin_audit",
"method": "DELETE",
"url": "/nextcloud/remote.php/dav/files/2BE98F99-8969-4CEA-9F71-FC6CB5970795/ders%20notu%202.docx",
"message": "File deleted: \"/ders notu 2.docx\"",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36",
"version": "23.0.2.1"
}
One of log line. The “user”: “2BE98F99-8969-4CEA-9F71-FC6CB5970795”, raw is not meaningful admin.
I can check it from user list ofcourse but, what if that user deleted from LDAP and nextcloud and I needed to check it for an audit or something
As a result, Is there a wat yo map LDAP username and nextcloud username method?
Regards,