I have been using LDAP integrated authentication for some time, with group mapping and the setup works like a charm. The roles are mapped nicely and I am happy.
However I would like to prohibit most users from authenticating into Graylog at all. In other words I don’t want most LDAP users to be able to login to the GUI period.
How can that be accomplished? At present the “mortals” only get a minimal default role but they can still login to the GUI? How can I use group membership to completely block an LDAP login, not just use group membership for mapping onto roles?
Any advice would be appreciated!