x-pack/filebeat/input/entityanalytics/provider/internal/activedirectory: relax base DN constraint

CHANGELOG.next.asciidoc

@@ -291,6 +291,7 @@ https:/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff]
 - Add Jamf entity analytics provider. {pull}39996[39996]
 - Add ability to remove request trace logs from http_endpoint input. {pull}40005[40005]
 - Add ability to remove request trace logs from entityanalytics input. {pull}40004[40004]
+- Relax constraint on Base DN in entity analytics Active Directory provider. {pull}40054[40054]
 
 *Auditbeat*
 

x-pack/filebeat/input/entityanalytics/provider/activedirectory/internal/activedirectory/activedirectory.go

@@ -23,8 +23,6 @@
  ErrUsers = errors.New("failed to get user details")
 )
 
-var cnUsers = &ldap.RelativeDN{Attributes: []*ldap.AttributeTypeAndValue{{Type: "CN", Value: "Users"}}}
-
 // Entry is an Active Directory user entry with associated group membership.
 type Entry struct {
  ID string `json:"id"`
@@ -45,10 +43,6 @@
  if base == nil || len(base.RDNs) == 0 {
  return nil, fmt.Errorf("%w: no path", ErrInvalidDistinguishedName)
  }
- baseDN := base.String()
- if !base.RDNs[0].Equal(cnUsers) {
- return nil, fmt.Errorf("%w: %s does not have %s", ErrInvalidDistinguishedName, baseDN, cnUsers)
- }
 
  var opts []ldap.DialOpt
  if dialer != nil {
@@ -66,7 +60,7 @@
  if err != nil {
  return nil, err
  }
  defer conn.Unbind()
 
  var errs []error
 
@@ -77,6 +71,8 @@
  sinceFmtd = since.Format(denseTimeLayout)
  }
 
+ baseDN := base.String()
+
  // Get groups in the directory. Get all groups independent of the
  // since parameter as they may not have changed for changed users.
  var groups directory