LDAP Authentication -> some Users always Admin

Hi Guys!

We have had Graylog running for a year now, and I did a verification of the whole system.

During that, I recognized a strange behaviour with LDAP users.

The first users, with which we did the training, initially had the “admin” role assigned, as we had no clean LDAP mapping at the start.

Now I’ve configured that all new users have “reader” access and a group called “ServiceDesk” via “Additional default Roles”. The Role “ServiceDesk” has only read-permissions to Dashboard/Streams.

Additionally, I have created 4 AD-Groups and mapped them to Roles in Graylog.

All of the Roles have only READ-Access to Dashboard / Streams.

Now I have a few users which always get the Admin role assigned after the login.

I tried to delete them in the WebGUI and in the MongoDB, but after re-login, the Admin role is still assigned.

Do you have any hint how I can debug it?

I also tried to create a local user with the same username, and it was immediately overridden by the LDAP authentication.

The Login Provider Order is:

LDAP/AD (active)
Passwords (disabled)
Sessions (active)
API Tokens (disabled)
Admin user (active)

regards michael

We now did a test with a “new” user, which was never in Graylog before, and here the roles are working fine.

Looks like it is really related to “old” accounts.

I found the Problem!

It was an LDAP group mapping which was not displayed in the web GUI, only in the MongoDB.

After deleting the entry in “ldap-settings”, all users now have only the specific rights.

regards michael
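An added example (not from the post above or from the Graylog project) of the check that would have surfaced this: audit the stored LDAP settings document for group mappings that grant Admin or point at roles that no longer exist. The field name `group_mapping`, the sample group DNs and the role names are assumptions constructed for the example; inspect your own “ldap-settings” document first to confirm its shape.

```javascript
// Added example, not code from the original post or from Graylog.
// Audits a Graylog LDAP settings document (as stored in MongoDB) for group
// mappings that grant the "Admin" role or reference roles that no longer exist.
// ASSUMPTION: mappings live in a "group_mapping" field shaped
// { "<AD group DN>": "<Graylog role name>" }. Verify with findOne() on your
// own collection before relying on this shape.

function auditGroupMappings(ldapSettings, existingRoles) {
  const mapping = ldapSettings.group_mapping || {};
  // Role names are compared case-insensitively to avoid missing "admin"/"Admin".
  const roles = new Set(existingRoles.map((r) => r.toLowerCase()));
  const adminMappings = [];   // groups whose members silently become Admin
  const orphanMappings = [];  // groups mapped to a role that was deleted
  for (const [group, role] of Object.entries(mapping)) {
    if (role.toLowerCase() === "admin") {
      adminMappings.push(group);
    }
    if (!roles.has(role.toLowerCase())) {
      orphanMappings.push({ group, role });
    }
  }
  return { adminMappings, orphanMappings };
}

// Constructed sample resembling the thread: read-only role mappings plus a
// leftover mapping to Admin from the initial training setup and one stale
// mapping to a role that has since been removed.
const sampleLdapSettings = {
  enabled: true,
  default_group: "Reader",
  group_mapping: {
    "CN=GL-ServiceDesk,OU=Groups,DC=example,DC=local": "ServiceDesk",
    "CN=GL-Network,OU=Groups,DC=example,DC=local": "NetworkRead",
    "CN=GL-Training,OU=Groups,DC=example,DC=local": "Admin",
    "CN=GL-OldTeam,OU=Groups,DC=example,DC=local": "DeletedRole",
  },
};
const sampleRoles = ["Admin", "Reader", "ServiceDesk", "NetworkRead"];

const report = auditGroupMappings(sampleLdapSettings, sampleRoles);
console.log(JSON.stringify(report, null, 2));
```

The same function body can be pasted into the mongo shell and fed the real document and the names from your roles collection; any entry in `adminMappings` is a group whose members get Admin on every login regardless of what the GUI shows.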
