1. Describe your incident:
I am attempting to set up Active Directory authentication. I can successfully authenticate users in the domain with this base DN and search pattern:
dc=mydomain;dc=local
→ (&(objectClass=user)(|(sAMAccountName={0})(userPrincipalName={0})))
The goal is to create a security group within AD (“Graylog Admins”), assign users to this group, and only allow users of the group to log into Graylog. Thus, I have the search pattern:
(&(objectClass=user)(|(sAMAccountName={0})(userPrincipalName={0}))(memberOf=CN=Graylog Admins,OU=Service Users,DC=mydomain,DC=LOCAL))
I have tried this - and every other query that I can think of - to make this work, but I always end up with “User does not exist.” What is the proper way to allow only members of a certain group login access to Graylog Open?
2. Describe your environment:
- OS Information: Almalinux 8.6, Linux 4.18.0-372.26.1.el8_6.x86_64
- Package Version: Graylog 4.2.12+2c655fb