Hi, I am running 3.0.2 and am trying to get Graylog to use AD authentication. I have a group called “Graylog2” in my Users section of my AD server. Below are my settings, but I still receive the below error.
You have this in User mapping → Search base DN. In Group mapping → Group search base DN you have ou=Users in the first position; try to change it to cn=Users (this was why I asked about the Users container).
@Karlis is right; if you are using the default Users folder, it should look similar to the following:
CN=Users,DC=corp,DC=domain,DC=com
If you look at the attributes of your test user and pull the distinguishedName, it will give you all the correct OU/CN/DC information you need.
Just checking - the test user is located in the default Users folder you are pointing to and is also a member of the Graylog2 AD group… it doesn’t matter where the Graylog2 AD group is located.
Note: It is not necessary to use administrator for LDAP. Best practice is to create a normal AD user without admin permissions to verify users in LDAP AD.
Try to login with user@domain not only domain, if it works
Also, it is best to check the complete path to the LDAP user, for example with ADSI Edit, to see if it matches.
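The check the replies describe (derive the container from the test user's distinguishedName and compare it with the configured base DN), as an added example that is not part of any post in this thread. The user DN is constructed sample data and the function names are hypothetical; only the `CN=Users,DC=corp,DC=domain,DC=com` container comes from the thread.

```python
# Added example: compare a user's distinguishedName with a configured base DN.
# USER_DN is constructed sample data; all function names are hypothetical.

def split_dn(dn):
    """Split a DN into RDNs, leaving backslash-escaped commas inside values."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]          # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":
            rdns.append(cur.strip())
            cur = ""
        else:
            cur += dn[i]
        i += 1
    rdns.append(cur.strip())
    return [r for r in rdns if r]

def normalize(dn):
    """(attribute, value) pairs, lower-cased: AD compares DNs case-insensitively."""
    pairs = []
    for rdn in split_dn(dn):
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs

def parent_container(user_dn):
    """Drop the user's own RDN; the rest is the container holding the user."""
    return ",".join(split_dn(user_dn)[1:])

def check_base(user_dn, base_dn):
    """Return 'ok', 'mismatch: use <dn>' or 'outside' for a configured base DN."""
    user, base = normalize(user_dn), normalize(base_dn)
    if len(base) > len(user):
        return "outside"
    tail = user[len(user) - len(base):]
    if tail == base:
        return "ok"
    # Same values but a different attribute type, e.g. OU=Users vs CN=Users.
    if [v for _, v in tail] == [v for _, v in base]:
        return "mismatch: use " + ",".join(split_dn(user_dn)[-len(base):])
    return "outside"

USER_DN = r"CN=Doe\, Jane,CN=Users,DC=corp,DC=domain,DC=com"  # constructed

if __name__ == "__main__":
    print(parent_container(USER_DN))
    print(check_base(USER_DN, "ou=Users,dc=corp,dc=domain,dc=com"))
```
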