Graylog Open: Active Directory Group Membership

1. Describe your incident:
I am attempting to set up Active Directory authentication. I can successfully authenticate users in the domain with this base DN and search pattern:

The goal is to create a security group within AD (“Graylog Admins”), assign users to this group, and only allow users of the group to log into Graylog. Thus, I have the search pattern:
(&(objectClass=user)(|(sAMAccountName={0})(userPrincipalName={0}))(memberOf=CN=Graylog Admins,OU=Service Users,DC=mydomain,DC=LOCAL))

I have tried this - and every other query that I can think of - to make this work, but I always end up with “User does not exist.” What is the proper way to allow only members of a certain group, login access to Graylog Open?

2. Describe your environment:

  • OS Information: Almalinux 8.6, Linux 4.18.0-372.26.1.el8_6.x86_64

  • Package Version: Graylog 4.2.12+2c655fb

You want to work under Group Synchronization. Set your Group Search Base DN to be the OU where the AD group is you are working with: (Assumes the graylog_admins group is in the OU BAT_ROLES


Set your Group Search Pattern:


The rest is up to you but that should get you most of the way there!

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.