Graylog 4.0 | LDAP Group changes

Hi!
I’ve recently installed Graylog 4.0 in order to check some features 🙂
It seems mapping LDAP Group is no longer possible without upgrading to Enterprise?
It’s unfortunate because in my prod instance of Graylog 3.x we have developed a whole automated system of mapping Graylog Roles to AD Groups 😕 Graylog 4.0 makes our system obsolete, it actually makes it impossible for us to control anything related to permissions on an AD level which is a requirement in my org.

Correct me if I’m wrong but at this moment Graylog 4.0 in terms of permissions is literally no different than ELK with Basic (free) license? I mean - you can log in using AD but that would be the only difference. No permissions mapped via LDAP without getting a license it seems.

1 Like

Please upvote the request to keep AD group mapping in GL4 on GitHub: https://github.com/Graylog2/graylog2-server/issues/9392

2 Likes

I also just stumbled across this after doing a test upgrade in the lab to 4.0.0, no more LDAP group mappings… Literally one of the reasons we went with Graylog was its authentication options on the free tier… now… well… A big step backward imo making this a paid-for “feature”. Disappointing.

2 Likes

Hi! Permissions management of who has access to what entities like dashboards and alert rules has been simplified and pushed out to the creator/owner of those entities. This means Group Mapping no longer makes sense because access is not managed through roles anymore. AD/LDAP integration is still available in open source for authentication, but for management of large teams or across multiple teams with lots of different job functions, Enterprise will make things a lot easier.

1 Like

You should accept the fact that many people are not happy with the new permissions model.

Assigning alert rules, dashboards to existing roles would be too easy, I guess? I would assume that this would be sufficient for most of the users.

At this point, you are disappointing lots of Graylog users and making a big step backwards in maturity of the permission model.

I will stay with 3.3 as long as possible…

3 Likes