[ISSUE] LDAP mapping does not work

Hello guys,

After reading this forum and searching the web, I haven't found my issue.
PS: I'm running Graylog Server 3.3 on CentOS 8.

Here it is :
I connected my Graylog instance (master node) to an LDAP server. This connection was successful, and everything is working: the connection to LDAP, and user login.

The only issue is the mapping. I want to map my attribute employeeType to my Graylog roles. Up to here, everything is working:

The issue comes when a new user connects to Graylog: it only gets the default roles set in the LDAP settings, not the mapped ones.

Moreover, I see nothing in the Graylog server's logs.

Here is the LDAP part of my configuration (I'm a new user, so pictures are posted on imgur):
Img1

Here is the LDAP test to see whether "EmployeeType" is visible:
Img2

This employee "ScheerC" is typed as "COSSI". As seen before, COSSI should be mapped to the "Admin" role.
I should point out that this user did not exist in Graylog before the mapping and all.

Finally, the roles of the previous user (should have "Admin"):
Img3 in links above

Nothing, after disconnecting/reconnecting, deleting/reconnecting, etc.
I can still add the role manually, but that's not the goal.

I hope I misconfigured something and that it is not a bug on your side.
Thanks in advance for your responses, and have a nice day 🙂
Lb

You can't use an attribute for group mapping. It can't work; you need to use real user groups, so that the user is a member of a specific group.

So create groups in LDAP and assign the desired users to the specific group, then it should work as expected… And use the Group Search pattern: (objectClass=groupOfNames) for OpenLDAP or (objectClass=group) for AD.

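To make the reply above concrete, here is an added example (not code from the thread, from Graylog, or from OpenLDAP) that works through the group-based mapping offline. It embeds a constructed LDIF snapshot of a small OpenLDAP directory, with two users that both carry employeeType: COSSI but only one of them listed as a member of a groupOfNames entry, and a resolver that does what a group search with (objectClass=groupOfNames) amounts to: find the group entries whose member attribute contains the user's DN, then map those group names to roles. The DNs, OU names, the group-to-role table and the default role are assumptions for this example only; the actual Graylog settings are whatever you enter on the LDAP page.

```python
"""
Added example, not part of the original thread or of Graylog's code base.
It demonstrates why a per-user attribute (employeeType) never influences
group mapping: roles come from groupOfNames entries whose `member`
attribute lists the user's DN, i.e. the group search
    (&(objectClass=groupOfNames)(member=<user DN>))
"""
import re

# Constructed sample directory. All DNs, OUs and attribute values are
# assumptions made for this example, not values from the original post.
SAMPLE_LDIF = """\
dn: uid=scheerc,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
uid: scheerc
employeeType: COSSI

dn: uid=jdoe,ou=people,dc=example,dc=org
objectClass: inetOrgPerson
uid: jdoe
employeeType: COSSI

dn: cn=cossi,ou=groups,dc=example,dc=org
objectClass: groupOfNames
cn: cossi
member: uid=scheerc,ou=people,dc=example,dc=org

dn: cn=readers,ou=groups,dc=example,dc=org
objectClass: groupOfNames
cn: readers
member: uid=jdoe,ou=people,dc=example,dc=org
member: uid=scheerc,ou=people,dc=example,dc=org
"""

# Assumed group-cn -> role table (the mapping you fill in on the LDAP
# settings page) and the assumed default role given to every LDAP user.
GROUP_TO_ROLE = {"cossi": "Admin", "readers": "Reader"}
DEFAULT_ROLES = {"Reader"}


def parse_ldif(text):
    """Parse minimal LDIF (no base64, no line folding) into a list of
    {attribute: [values]} dicts, one per entry, attribute names lowercased."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries


def has_objectclass(entry, name):
    return name.lower() in (v.lower() for v in entry.get("objectclass", []))


def find_user(entries, uid):
    """User search: the inetOrgPerson whose uid matches the login name."""
    for e in entries:
        if has_objectclass(e, "inetOrgPerson") and uid in e.get("uid", []):
            return e
    return None


def groups_for(entries, user_dn):
    """Group search: every groupOfNames whose member attribute holds user_dn.
    Note that nothing on the user entry itself (e.g. employeeType) is consulted."""
    return [e["cn"][0] for e in entries
            if has_objectclass(e, "groupOfNames") and user_dn in e.get("member", [])]


def roles_for(entries, uid):
    """Roles a user would receive: the defaults plus every mapped group.
    Returns None when the user does not exist in the directory."""
    user = find_user(entries, uid)
    if user is None:
        return None
    roles = set(DEFAULT_ROLES)
    for cn in groups_for(entries, user["dn"][0]):
        if cn in GROUP_TO_ROLE:
            roles.add(GROUP_TO_ROLE[cn])
    return roles


if __name__ == "__main__":
    directory = parse_ldif(SAMPLE_LDIF)
    for login in ("scheerc", "jdoe"):
        # scheerc -> ['Admin', 'Reader']; jdoe -> ['Reader'] despite the same employeeType
        print(login, sorted(roles_for(directory, login)))
```

Both sample users carry employeeType: COSSI, yet only scheerc ends up with Admin, because only scheerc is a member of cn=cossi. That is the behaviour the reply describes: the attribute is visible in the LDAP test but plays no part in role assignment, so the fix is to create the group, add the user as a member, and point the group search at (objectClass=groupOfNames).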
