Cannot activate Active Directory authentication service

Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question.
Don’t forget to select tags to help index your topic!

1. Describe your incident:
I set up Graylog in a Docker environment with compose following the documentation. Everything works like a charm and I wanted to set up Active Directory authentication for my coworkers. All the steps to set it up was good, but at the end I am unable to activate the service. I try to restart the stack, but nothing change.

2. Describe your environment:

  • OS Information:
    The host is Debian Bookworm.
    Docker is on version 25.0.3, version 1.6.28-1.
    Graylog is behind a NGinX reverse proxy.

  • Package Version:
    In my compose file I set :
    Graylog: graylog/graylog:5.2.7
    MongoDB: mongo:6.0.15
    Opensearch: opensearchproject/opensearch:2.13.0

  • Service logs, configurations, and environment variables:
    Here my compose.yml

    container_name: graylog
    hostname: graylog
    image: graylog/graylog:5.2.7
    restart: unless-stopped
        condition: service_started
        required: true
        condition: service_started
        required: true
      - graylog
      - "9000:9000/tcp"    # Server API & WebUI
    # - "5044:5044/tcp"    # Beats
      - "5140:5140/udp"    # Syslog
      - "5140:5140/tcp"    # Syslog
      - "5555:5555/tcp"    # RAW TCP
    # - "5555:5555/udp"    # RAW TCP
      - "12201:12201/tcp"  # GELF TCP
      - "12201:12201/udp"  # GELF UDP
    # - "13301:13301/tcp"  # Forwarder data
    # - "13302:13302/tcp"  # Forwarder config
    # - "10000:10000/tcp"  # Optional Custom TCP port
    # - "10000:10000/udp"  # Optional Custom UDP port
      - 'GRAYLOG_ROOT_TIMEZONE=Europe/Paris'
      - 'GRAYLOG_HTTP_EXTERNAL_URI=http://graylog.sterimed.local/'
      - 'GRAYLOG_ROOT_PASSWORD_SHA2=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
      - 'GRAYLOG_ELASTICSEARCH_HOSTS=http://admin:xxxxx@graylog-opensearch:9200'
      - 'GRAYLOG_MONGODB_URI=mongodb://graylog-mongodb:27017/graylog'
      - 'GRAYLOG_PUBLISH_URI=http://graylog.sterimed.local/'
      - 'GRAYLOG_NODE_ID_FILE=/usr/share/graylog/data/config/node-id'
      - 'GRAYLOG_IS_LEADER=true'
    entrypoint: "/usr/bin/tini -- wait-for-it graylog-opensearch:9200 --  /"
      - /mnt/docker/graylog/usr/share/data/data:/usr/share/graylog/data/data"
      - /mnt/docker/graylog/usr/share/data/journal:/usr/share/graylog/data/journal"

    container_name: graylog-mongodb
    image: mongo:6.0.15
    restart: unless-stopped
      - graylog
      - /mnt/docker/graylog-mongodb/data/db:/data/db

    container_name: graylog-opensearch
    image: opensearchproject/opensearch:2.13.0
    restart: unless-stopped
      - graylog
      - 'OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m'
      - 'bootstrap.memory_lock=true'
      - 'discovery.type=single-node'
      - 'OPENSEARCH_PASSWORD=xxxxxx'
      - ''
      - ''
      - 'node.master=true'
      - ''
      - 'node.ingest=true'
        soft: -1
        hard: -1
        soft: 65536
        hard: 65536
      - /mnt/docker/graylog-opensearch/usr/share/data:/usr/share/opensearch/data

    name: graylog

3. What steps have you already taken to try and solve the problem?
Restart the stack and analyze logs, but nothing happened in the logs.
I also tried to recreate it.

4. How can the community help?
Help me to find the way on how to activate the authentication service. Maybe I miss something in the configuration as it’s the first time I use Graylog.

How/where are you configuring the Active Directory authentication service? And you mean access to the Graylog GUI and not Opensearch, correct?

I go to System > Authentication and use the “Create service” button.

Yes, that is correct.

Are you able to test your connection successfully?

Yes and it works.
I tried with and without TLS, both work.


I just can’t activate the service
The ‘Activate’ button does nothing.

Anything related in the server log?

Unfortunately, no related logs.

Did you configure the User Synchronization portion?

What response comes back from the API call POST system/authentication/services/configuration? This is issued when you hit activate. You can monitor it in the browser dev tools.

Yes, of course and it works well.

Are you sure it is the POST? It says it is to “Update global authentication services configuration” on /api/api-browser.

I never do that, can you explain me how to please?

Just to confirm: when you click activate, did you see the Do you really want to activate popup? Maybe that just got hidden behind another window.


The popup didn’t appear because I was using a web app. In my browser, Vivaldi, web app don’t show JS popup.

Inside the browser with a standard tab I had the popup and was able to activate the service.

Sorry for this silly problem.

Thank you very much for your help and your patience.

1 Like