Hello,
I’m trying to configure my Graylog’s LDAP settings in such a way that users with specific titles, let’s say, “testers”, will not be allowed to log in to Graylog through LDAP.
From my understanding I have to specify a filter in User Search Pattern?
I tried something like this: (&(objectClass=user)(sAMAccountName={0})(!title=testers))
but sadly it didn’t work. With that setting in the pattern, LDAP is not working at all. Could you help?
Based on your LDAP server, it could be different.
First try it without the title extension. Are you sure the sAMAccountName contains your username?
Based on my little resource, you should use ! before (. (!title=testers) -> (!(title=testers))
You can also try ldapquery to be sure you get the user back from your query and to exclude any other Graylog settings.
// We use a group to control the list of the users who can log in to GL: (&(objectClass=user)(cn={0})(memberof=CN=Graylog-Logon,OU=Groups,DC=DOMAIN,DC=internal))
No, it is your original query part.
Check the parentheses.
Syntax error.
| means OR, but you don’t use any other condition. (&(objectClass=user)(sAMAccountName={0})(!(title=*)))
OR (&(objectClass=user)(sAMAccountName={0})(!(title=testers))(title=*))
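
Added example, not part of the thread and not Graylog's or any directory server's code: a small Python parser and evaluator for the filter subset used above, showing why (!title=testers) is rejected and how the suggested corrections treat users that have no title. The sample directory, user names and function names are constructed for illustration.

```python
# Added example: subset of RFC 4515 (&, |, !, attr=value, attr=*); no escapes or substrings.
def parse(s, i=0):
    """Parse one filter at s[i]; return (node, index after its closing paren)."""
    if s[i:i + 1] != "(":
        raise ValueError(f"expected '(' at position {i}")
    i += 1
    if s[i:i + 1] in ("&", "|", "!"):
        op, kids, i = s[i], [], i + 1
        while s[i:i + 1] == "(":
            kid, i = parse(s, i)
            kids.append(kid)
        if not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"'{op}' must be followed by a parenthesised filter")
        node = (op, kids)
    else:
        end = s.find(")", i)
        attr, sep, value = s[i:max(end, i)].partition("=")
        if end == -1 or not sep or not attr or "(" in value:
            raise ValueError(f"bad attribute test at position {i}")
        node, i = ("=", attr.lower(), value.lower()), end
    if s[i:i + 1] != ")":
        raise ValueError(f"expected ')' at position {i}")
    return node, i + 1

def compile_filter(s):
    node, end = parse(s)
    if end != len(s):
        raise ValueError("trailing characters after filter")
    return node

def matches(node, entry):
    if node[0] in "&|":
        return (all if node[0] == "&" else any)(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    values = [v.lower() for v in entry.get(node[1], [])]
    return bool(values) if node[2] == "*" else node[2] in values

# Constructed sample directory: lower-cased attribute name -> list of values.
DIRECTORY = [
    {"objectclass": ["user"], "samaccountname": ["alice"], "title": ["developers"]},
    {"objectclass": ["user"], "samaccountname": ["bob"], "title": ["testers"]},
    {"objectclass": ["user"], "samaccountname": ["carol"]},  # no title attribute
]

def allowed_logins(pattern):
    """Usernames whose substituted search pattern matches a directory entry."""
    users = [e["samaccountname"][0] for e in DIRECTORY]
    return [u for u in users if any(
        matches(compile_filter(pattern.replace("{0}", u)), e) for e in DIRECTORY)]
```

On the sample directory, the pattern ending in (!(title=testers)) admits alice and carol (who has no title), adding (title=*) admits only alice, and the original (!title=testers) raises ValueError in compile_filter.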