LDAP Auth, groups aren't showing

adambirds · February 17, 2018, 11:53am

I have LDAP Auth setup for both User and Group mapping.

Test brings back the groups they are a member of correctly, however when I go to group mapping I get nothing.

Setup as below:

Search Base DN: cn=users,cn=accounts,dc=example,dc=co,dc=uk
User Search Pattern: (&(objectClass=inetOrgPerson)(uid={0}))
Display Name Attribute: cn

Group Search Base DN: cn=groups,cn=accounts,dc=example,dc=co,d c=uk
Group Search Pattern: (objectClass=groupOfNames)
Group Name Attribute: description
Default User Role: Reader

See Auth Test Below:

    User found 
    Login attempt 
    User's LDAP attributes
    telephonenumber
    07768567567
    mail
    adam@example.com
    ipauniqueid
    95876a32-b11f-11e7-8b52-005056a956c2
    krblastpwdchange
    20180216233849Z
    objectclass
    top, person, organizationalperson, inetorgperson, inetuser, posixaccount, krbprincipalaux, krbticketpolicyaux, ipaobject, ipasshuser, ipaSshGroupOfPubKeys, mepOriginEntry, ipauser
    loginshell
    /bin/sh
    krbloginfailedcount
    0
    uid
    adam
    homedirectory
    /home/adam
    krbpasswordexpiration
    20180216233849Z
    givenname
    Adam
    mepmanagedentry
    cn=adam,cn=groups,cn=accounts,dc=example,dc=co,dc=uk
    krblastfailedauth
    20180216233923Z
    sn
    Birds
    krbextradata
    �k�Zroot/admin@EXAMPLE.CO.UK
    initials
    AB
    krbcanonicalname
    adam@example.CO.UK
    gidnumber
    1361400003
    krbprincipalname
    adam.birds@example.CO.UK
    mobile
    07786756789
    cn
    Adam
    gecos
    Adam
    uidnumber
    1361400003
    displayname
    Adam
    memberof
    cn=ipausers,cn=groups,cn=accounts,dc=example,dc=co,dc=uk, cn=exampletechnology.graylogadmins,cn=groups,cn=accounts,dc=example,dc=co,dc=uk
    User's LDAP groups
    Example Technology - Graylog Admins
    Default group for all users

Yet all I see on the group mapping page is:

adambirds · February 19, 2018, 8:44am

Any ideas anyone? Thanks

Karlis · February 19, 2018, 11:46am

Group descriptions are not empty?
Try to change Group Search Pattern: (objectClass=group)

adambirds · February 20, 2018, 10:01pm

The Description is where my groups Display Name is. I’m using freeipa, not AD.
Even with Group Search Pattern set to (objectClass=group), none show in the mapping section though it picks up which groups my test user is a member of.

jan · February 21, 2018, 6:11pm

nested groups are currently not supported.

adambirds · February 24, 2018, 5:36pm

How do I make the groups not nested then. I just use freeipa as my LDAP server. Is this something that is in the pipeline?

jan · February 25, 2018, 2:06pm

currently we have the following github issue on that:

https://github.com/Graylog2/graylog2-server/issues/1436

We would welcome any PR that add this to the LDAP Modul. As you can see those issues did not have any specific version assigned.

system · March 11, 2018, 2:06pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unknown attribute issue LDAP integration with Active Directory Graylog Central (peer support)	5	2788	May 10, 2017
LDAP Query Group Graylog Central (peer support)	2	4007	February 28, 2017
LDAP loguin not working Graylog Central (peer support)	5	1613	May 29, 2020
Graylog doesn't map AD Goups Graylog Central (peer support)	3	425	December 26, 2019
[ISSUE] LDAP mapping does not work Graylog Add-ons	2	923	August 13, 2020

LDAP Auth, groups aren't showing

Related Topics