LDAP authentication without using group


#1

Hi,

I am trying to make LDAP authentication work so that all users are administered in Graylog (no Groups setting used).

The LDAP connection works OK, and the login test works.

I did not find information on how to create a user that authenticates to the directory though. What attribute does Graylog use as the user name when authenticating? (i.e. what user name should I use so that it matches the one LDAP returns for the query?)

The error message I get when I try (account name removed):

2017-06-27T10:28:38.455+03:00 WARN  [ModularRealmAuthenticator] Realm [org.graylog2.security.realm.PasswordAuthenticator@347626d4] threw an exception during a multi-realm authentication attempt: org.apache.shiro.authc.IncorrectCredentialsException: Submitted credentials for token [org.apache.shiro.authc.UsernamePasswordToken - *******, rememberMe=false] did not match the expected credentials.
2017-06-27T10:28:38.456+03:00 INFO  [SessionsResource] Invalid username or password for user "*******"

#2

… found it. My problem was in the provider order settings; LDAP was disabled there, even though I had enabled it on the LDAP settings page.

