LDAP authentication failed



1. Server connection check: successful.
2. LDAP authentication failed.
3. Using AD domain authentication can pass.
What should be entered for entryUUID?

What version of graylog are you using? Do you have any corresponding errors in graylog’s server.log? What ldap server are you using? (e.g. Active Directory, OpenLDAP)

I just did a quick test with the latest graylog version (5.2.2) using this openldap docker container: Docker

I believe the error message is saying that when graylog queried the ldap server, the entryUUID attribute was null, empty, or not present. You may need to choose a different ID attribute.

I confirmed that everything works as expected.

However, your mileage may vary. I recommend using a tool like ldapsearch to explore your ldap data and their attributes.

For example: ldapsearch -x -b "dc=example,dc=org" -H ldap://127.0.0.1:1389

returns something like

# user01, users, example.org
dn: cn=user01,ou=users,dc=example,dc=org
cn: User1
cn: user01
sn: Bar1
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
userPassword:: cGFzc3dvcmQx
uid: user01
uidNumber: 1000
gidNumber: 1000
homeDirectory: /home/user01

# user02, users, example.org
dn: cn=user02,ou=users,dc=example,dc=org
cn: User2
cn: user02
sn: Bar2
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
userPassword:: cGFzc3dvcmQy
uid: user02
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/user02

# readers, users, example.org
dn: cn=readers,ou=users,dc=example,dc=org
cn: readers
objectClass: groupOfNames
member: cn=user01,ou=users,dc=example,dc=org
member: cn=user02,ou=users,dc=example,dc=org

# search result
search: 2
result: 0 Success

hope that helps.

1. Reinstalling graylog 5.2 still reports "entryUUID attribute cannot be null" (centos7.9 IP: 192.168.0.60).
2. Install server2016 AD domain with default settings (IP: 192.168.0.10).
3. Simulate the environment in the same LAN and network segment.
I feel like there may be an issue with configuring server.conf.
REVISION:
vim /etc/graylog/server/server.conf

#Modify the following items:

#secret key (straight quotes; the curly quotes in the pasted text would not parse)
password_secret = "password_secret****"
root_password_sha2 = "mypassword****"

#elasticsearch
elasticsearch_hosts = http://127.0.0.1:9200
elasticsearch_shards =1
elasticsearch_replicas = 0

#Database connection settings
mongodb_uri = mongodb://localhost/graylog

#Listening port for web services
http_bind_address = 0.0.0.0:9000

Please help check if the configuration is correct. Thank you


It looks like you provided screenshots of Active Directory but your auth service in graylog is using LDAP (not Active Directory). Can you confirm that you tried using the Active Directory auth service (instead of the LDAP one) and if that worked or not?




1. Install OpenLDAP on Windows 10 (IP: 192.168.0.20) and link with LDAPAdmin; the link was successful.
2. But logging in with an account still failed.
At present, I don't know where the error lies. Please help analyze it, thank you.

The schema you are showing in your screenshots is for Active Directory. What happens when you try to configure the Active Directory authentication service in graylog?

I confirmed that if you try to set up an LDAP Authentication service connecting to an Active Directory server you will receive that error:

This is saying that the user does not have an entryUUID attribute. This is expected for Active Directory as this attribute is specific to LDAP. Using the active directory type should resolve this.
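To make the diagnosis above concrete before touching Graylog, here is an added example (not from the thread or from Graylog) that parses ldapsearch-style LDIF output and reports, per entry, whether the unique-ID attribute each Graylog auth service type expects (entryUUID for LDAP, objectGUID for Active Directory) is actually present. The sample LDIF is constructed: the first entry mimics an OpenLDAP user returned with its operational attribute, the second mimics an AD user.

```python
import base64

# Constructed sample in the shape of ldapsearch output; not captured from the thread's servers.
SAMPLE_LDIF = """\
# user01, users, example.org
dn: cn=user01,ou=users,dc=example,dc=org
cn: user01
objectClass: inetOrgPerson
uid: user01
entryUUID: 2f3b0a5c-1c2d-4e7f-9a1b-0c3d4e5f6a7b

# jdoe, Users, corp.example
dn: CN=jdoe,CN=Users,DC=corp,DC=example
cn: jdoe
objectClass: user
sAMAccountName: jdoe
objectGUID:: AAECAwQFBgcICQoLDA0ODw==
"""

# Graylog auth service type -> the attribute it uses as the stable user ID.
ID_ATTRIBUTE_BY_SERVICE = {"LDAP": "entryUUID", "Active Directory": "objectGUID"}


def parse_ldif(text):
    """Parse LDIF into a list of {attr_lowercase: [values]} dicts.
    Handles '::' base64 values (returned as bytes), folded continuation lines
    and comment lines; entries without a dn (the trailing search summary) are dropped."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:       # folded line: append to previous
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:                   # sentinel blank flushes the last entry
        if not line.strip():
            if "dn" in current:
                entries.append(current)
            current = {}
            continue
        if line.startswith("#"):
            continue
        attr, _, rest = line.partition(":")
        value = base64.b64decode(rest[1:].strip()) if rest.startswith(":") else rest.strip()
        current.setdefault(attr.strip().lower(), []).append(value)
    return entries


def check_id_attribute(entries, service_type):
    """Map each dn to True/False: does it carry the ID attribute this service type needs?
    A False here is exactly the 'entryUUID attribute cannot be null' situation."""
    wanted = ID_ATTRIBUTE_BY_SERVICE[service_type].lower()
    return {e["dn"][0]: bool(e.get(wanted)) for e in entries}


def suggest_service_type(entry):
    """Return the auth service type whose ID attribute the entry actually has, or None."""
    for service, attr in ID_ATTRIBUTE_BY_SERVICE.items():
        if entry.get(attr.lower()):
            return service
    return None
```

Note that in OpenLDAP entryUUID is an operational attribute, so a plain ldapsearch like the one above will not show it unless you request it explicitly (add `entryUUID` or `+` to the attribute list); a missing entryUUID in such output is not by itself proof the server lacks it.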
