Hi! I have been reading about this issue but I can’t make it work.
I have my LDAP configuration set, the test via the Test Server Connection button is working fine, and when I look for a user in the Login Test area I get a User Found (OK), but when the user tries to log in they get an “Invalid Credentials, please verify them and retry”. The strange thing is that I am logged in with my AD user and password without issues.
Do I have to create the user in the Authentication -> Users area? Or should it be created by itself with the first login?
My Graylog version is v3.2.1.
Do you need any other information?
Please post your LDAP configuration in Graylog…
- If you use Active Directory and not normal LDAP (like OpenLDAP), change Server Type to Active Directory
- If you care about security, always use a secure connection to the LDAP server, otherwise all passwords are sent in plain text. Check SSL or StartTLS based on the type your LDAP supports, and change the port to 636
- Check if your Search Base DN also contains your System Username bind and your users; it is better to use a lower LDAP tree structure, for example DC=domain,DC=net
- Your User Search Pattern doesn’t use a filter only for users, so it can also include other objects like groups, mail accounts and so on. Rather use a filter like this, which includes users who are members of the group Graylog_users:
(&(objectCategory=person)(objectClass=user)(sAMAccountName={0})(memberOf:CN=Graylog_users,DC=domain,DC=net)))
- I always try the filter using the AD MMC filter or PowerShell to check if it works, only removing the part (sAMAccountName={0})
https://theitbros.com/ldap-query-examples-active-directory/
Hope it helps
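An added example, not part of the original reply and not Graylog's code: a small Python check for a User Search Pattern before it is saved, run on the filter exactly as posted above and on a variant that uses memberOf= with balanced parentheses. The variant, the function names and the sample login jdoe are assumptions of this example.

```python
import re

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# Item: attr then =, ~=, >=, <=, or extensible match attr[:dn][:rule]:=value.
_ITEM = re.compile(
    r"^[A-Za-z][A-Za-z0-9.;-]*(?:(?::dn)?(?::[A-Za-z0-9.]+)?:=|[~<>]?=)")

# Filter as posted in the reply, and a constructed variant for comparison.
POSTED = ("(&(objectCategory=person)(objectClass=user)(sAMAccountName={0})"
          "(memberOf:CN=Graylog_users,DC=domain,DC=net)))")
FIXED = ("(&(objectCategory=person)(objectClass=user)(sAMAccountName={0})"
         "(memberOf=CN=Graylog_users,DC=domain,DC=net))")

def escape_filter_value(value):
    """Escape a login name so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def check_search_pattern(pattern, username="jdoe"):
    """Return a list of problems in a User Search Pattern ([] means none)."""
    problems = []
    if "{0}" not in pattern:
        problems.append("no {0} placeholder for the login name")
    flt = pattern.replace("{0}", escape_filter_value(username))
    depth, i = 0, 0
    while i < len(flt):
        if flt[i] == "(":
            depth += 1
            if flt[i + 1:i + 2] in ("&", "|", "!"):  # composite: (&...), (|...)
                i += 2
                continue
            end = flt.find(")", i)
            end = len(flt) if end == -1 else end
            item = flt[i + 1:end]
            if "(" in item or not _ITEM.match(item):
                problems.append("malformed item: (%s)" % item)
            i = end  # leave the ")" for the branch below
            continue
        if flt[i] == ")":
            depth -= 1
            if depth < 0:
                problems.append("unmatched ')' at offset %d" % i)
                depth = 0
        i += 1
    if depth > 0:
        problems.append("%d unclosed '('" % depth)
    return problems
```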
It's working now, thanks!
I changed to Active Directory (1) and changed the Search Base DN (3) to a wider OU.
About 4, I changed to the one you proposed but it didn't work; I used the one that was already configured, and I will check the article in depth because I know little about the AD service and the queries.
Thanks for the information and the assistance.