Graylog 4.x / lowercase Usernames using LDAP/AD

Hi Guys,

1. Describe your incident:

First Question: I’m using Active Directory authentication in my system. Where can I set up that the username field will always be in lowercase? Because the admins of the AD got very creative with caps and I want to avoid problems with that in the future.

Second Question: I’m trying to share streams with users through the API. I’m using the /authz/shares/entities/ endpoint for that. I have found out that this replaces all objects when I’m trying to add a single user. For now I build up which user has access to what stream beforehand, but I’ve read somewhere that there was a request to implement another method, but I can’t find it anymore. Also, I don’t get what the “prepare” endpoint does.

2. Describe your environment:

Graylog Version 4.x Opensource with Docker

I’m happy for any hint or link to documentation which answers my questions.

/hasturo

Hello

If I understand your question correctly, if your Graylog server is connected to Active Directory then this would be your policy in AD. You can make a GPO to ensure the correct procedure for user names. So when the user logs on for the first time they would have to use all lowercase letters for their name during their logon. If you’re making a local user, meaning creating one from the Web UI, I’m not 100% sure but I don’t think Graylog is capable of that.

As for your second question.

I’m unfamiliar with using the API to execute a shared stream with other users. Maybe someone else here has done this, and this question does look familiar also. If I come across it I’ll post it here.

Hi, thank you for answering, I will try to describe my questions a little bit better :)

If I understand your question correctly, if your Graylog server is connected to Active Directory then this would be your policy in AD. You can make a GPO to ensure the correct procedure for user names. So when the user logs on for the first time they would have to use all lowercase letters for their name during their logon. If you’re making a local user, meaning creating one from the Web UI, I’m not 100% sure but I don’t think Graylog is capable of that.

I’m using mail as the username attribute. So if a user is logging in for the first time, the Graylog account is created (on Graylog). If the username/email in AD is UsERnAME@Company.tld, because the AD admins are funny, the created username in Graylog would also be in this style, even if the user never uses such a capitalization style.
If I just ignore it and lowercase everything, I have a problem if the AD admins change the capitalization of letters. In that case, the user can log in but doesn’t get his usually assigned rights, because Graylog creates a new user.

So I would prefer lowercasing the username field.

I think I will split this topic and rename the subject, if possible, so that it would be better to work on. :D

/hasturo

So I guess I’ve found an answer to my second question in another post and want to add it here for reference

Hello

You have two choices

  1. Take control of your Active directory so this will not happen. Unfortunately Graylog only shows what it gets from AD. So your problem is with Active directory.
  2. You can reconfigure these user/s names by editing each user.
    EDIT: No need to split up this post.
