Active Directory Authentication Crash

I have AD integration set up on Graylog and for the most part it works (users can log in and get appropriate permissions).

I’m getting one odd crash which I don’t quite understand in the LDAP settings page.

I have two AD groups, Graylog_Users and Graylog_Admin. Graylog_Users use group mapping to get the Reader role and Graylog_Admin use group mapping to get the Admin role. As Graylog seems to struggle with nested groups, an Admin is required to be in both groups.

Anyone not in either of these groups has no access to Graylog.

If I use the login test portion of the form, users which should have access to Graylog (both Readers and Admins) are returned by the test with green ticks for both User Found and User Login.

However if I test with a user that should not have access to Graylog (i.e. is not in the appropriate AD groups) then Graylog crashes with a ‘Cannot convert undefined or null to object’ error.
I was expecting the User to be Not Found and No Login as that user won’t be returned by the User Search Pattern.

User Mapping

DC=DOMAIN,DC=LOCAL

User Search Pattern

(&(objectClass=user)(sAMAccountName={0})(memberOf=CN=Graylog_Users,OU=Tasks - Domain Local,OU=Groups,OU=Domain,DC=Domain,DC=local))

No one?

I don’t want to post another bug as they just sit there for years with no resolution.

We are a smaller environment, but we too are seeing this nested group issue. Would love to see if anyone has any resolutions. Thanks!

If it’s a nested group issue I know Graylog doesn’t support nested groups. There has been a bug open for years about it on GitHub.

I’m not sure if this is related to nested groups?

I did end up finding a solution for the nested group issue. Now it does still crash when I test a user that does not have access, but I was able to use a nested group for authentication.

All the way to the bottom, pedroparraortega’s comment seemed to work for me.
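The sketch below is an added example, not code from any poster or from Graylog. It evaluates the User Search Pattern from the first post against a small in-memory directory, to show why a user outside Graylog_Users yields an empty result that the caller has to report as "not found", and why a plain memberOf clause misses nested membership. The directory entries, the Graylog_Admin DN, the assumption that Graylog_Admin is nested in Graylog_Users, and all function names are constructed for illustration.

```python
import re

# Search pattern from the post; {0} is replaced with the login name.
GROUP = "OU=Tasks - Domain Local,OU=Groups,OU=Domain,DC=Domain,DC=local"
PATTERN = ("(&(objectClass=user)(sAMAccountName={0})"
           "(memberOf=CN=Graylog_Users," + GROUP + "))")

# Constructed entries. memberOf holds direct memberships only, so "bob"
# (assumed to be only in Graylog_Admin, itself nested in Graylog_Users) is missed.
DIRECTORY = [
    {"dn": "CN=alice", "objectclass": ["user"], "samaccountname": ["alice"],
     "memberof": ["CN=Graylog_Users," + GROUP]},
    {"dn": "CN=bob", "objectclass": ["user"], "samaccountname": ["bob"],
     "memberof": ["CN=Graylog_Admin," + GROUP]},
    {"dn": "CN=carol", "objectclass": ["user"], "samaccountname": ["carol"]},
]

def escape(value):
    """RFC 4515 escaping so a login name cannot change the filter structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def parse(s, i=0):
    """Parse the filter that starts at s[i] == '('; return (node, next index)."""
    if s[i + 1] in "&|!":
        op, i, kids = s[i + 1], i + 2, []
        while s[i] == "(":
            kid, i = parse(s, i)
            kids.append(kid)
        return (op, kids), i + 1
    end = s.index(")", i)
    attr, value = s[i + 1:end].split("=", 1)
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter node against one entry (equality, &, |, ! only)."""
    if node[0] == "=":
        return node[2] in [v.lower() for v in entry.get(node[1], [])]
    results = [matches(kid, entry) for kid in node[1]]
    return {"&": all, "|": any, "!": lambda r: not r[0]}[node[0]](results)

def login_test(username):
    """Run the search step of a login test; an empty result is a normal outcome."""
    node, _ = parse(PATTERN.replace("{0}", escape(username)))
    hits = [e for e in DIRECTORY if matches(node, e)]
    if not hits:  # report "not found" instead of dereferencing a missing entry
        return {"user_found": False, "dn": None}
    return {"user_found": True, "dn": hits[0]["dn"]}
```

The password bind that a real login test performs after the search is left out; only the search step and its empty-result handling are modelled.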
