HELP
Is it possible to configure LDAP authorization without the UI? I want to automate this through Ansible and have been looking into the REST APIs but am stuck.
Thanks for any advice.
Everything in Graylog web is operated by the API, so it should work. Check the REST API Browser to find the LDAP section:
https://docs.graylog.org/en/4.0/pages/configuration/rest_api.html
Which graylog version do you use?
I am using version 4.0.2. I have tried to create the LDAP config through Ansible modules too but am failing there… just trying to automate the process.
Hi @mbank59 ,
I’m also a big fan of ansible.
Here is a test bash script I’ve created for you. It gets the User role id, creates a new Active Directory service, and activates it.
Replace 172.28.128.15:9000 with your address of Graylog.
Replace -H 'Authorization: Basic BASE64PASSWORD' with -u admin:PASSWORD if you want to use the password directly in cmd.
default_roles, separated by comma.

#!/bin/bash
# Get id of Role (Reader)
ROLE="Reader"
ROLEID=$(curl -s -X GET -H 'Authorization: Basic BASE64PASSWORD' -H 'Content-Type: application/json' -H 'Accept: application/json' -H 'X-Requested-By: cli' 'http://172.28.128.15:9000/api/authz/roles?page=1&per_page=50&sort=name&order=asc' | jq -r '.roles[] | select(.name=="'"$ROLE"'") | .id')
# Create new Active Directory service, set default_roles (Reader role id) and return backend id
NEWLDAPSERVICEID=$(curl -s -X POST -H 'Authorization: Basic BASE64PASSWORD' -H 'Content-Type: application/json' -H 'Accept: application/json' -H 'X-Requested-By: cli' 'http://172.28.128.15:9000/api/system/authentication/services/backends' --data-raw '{"title":"Active Directory","description":"Description of service","default_roles":["'"$ROLEID"'"],"config":{"servers":[{"host":"ldap.domain.com","port":636}],"system_user_dn":"admin","system_user_password":"password","transport_security":"tls","type":"active-directory","user_full_name_attribute":"displayName","user_name_attribute":"userPrincipalName","user_search_base":"DC=domain,DC=com","user_search_pattern":"(&(objectClass=user)(|(sAMAccountName={0})(userPrincipalName={0})))","verify_certificates":false}}' | jq -r '.backend.id')
# Activate created Active Directory service by backend id
curl -s -X POST -H 'Authorization: Basic BASE64PASSWORD' -H 'Content-Type: application/json' -H 'Accept: application/json' -H 'X-Requested-By: cli' 'http://172.28.128.15:9000/api/system/authentication/services/configuration' --data-raw '{"active_backend":"'"$NEWLDAPSERVICEID"'"}'
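
The same three API calls written as an Ansible play, since the question asks about Ansible. This is an added example, not part of the original posts: the variables `graylog_url`, `default_role`, `graylog_admin_password` and `ad_bind_password` and the accepted status codes are assumptions, and `verify_certificates` is set to `true` where the test script used `false`.

```yaml
# Added example, not from the thread. Variable names are assumptions; keep
# graylog_admin_password and ad_bind_password in Ansible Vault.
- name: Configure a Graylog Active Directory backend over the REST API
  hosts: localhost
  gather_facts: false
  vars:
    graylog_url: "http://172.28.128.15:9000"  # address from the script above
    default_role: Reader
  module_defaults:
    ansible.builtin.uri:
      user: admin
      password: "{{ graylog_admin_password }}"
      force_basic_auth: true
      headers: { Accept: application/json, X-Requested-By: cli }
      body_format: json
      return_content: true
      status_code: [200, 201, 204]  # assumption: success codes not stated in the thread
  tasks:
    - name: Look up the roles to find the default role id
      ansible.builtin.uri:
        url: "{{ graylog_url }}/api/authz/roles?page=1&per_page=50&sort=name&order=asc"
      register: roles

    - name: Create the Active Directory backend
      ansible.builtin.uri:
        url: "{{ graylog_url }}/api/system/authentication/services/backends"
        method: POST
        body:
          title: Active Directory
          description: Description of service
          default_roles:
            - "{{ roles.json.roles | selectattr('name', 'equalto', default_role) | map(attribute='id') | first }}"
          config:
            type: active-directory
            servers: [{ host: ldap.domain.com, port: 636 }]
            system_user_dn: admin
            system_user_password: "{{ ad_bind_password }}"
            transport_security: tls
            user_full_name_attribute: displayName
            user_name_attribute: userPrincipalName
            user_search_base: "DC=domain,DC=com"
            user_search_pattern: "(&(objectClass=user)(|(sAMAccountName={0})(userPrincipalName={0})))"
            verify_certificates: true  # the test script used false
      no_log: true  # request body carries the bind password
      register: backend

    - name: Activate the backend that was just created
      ansible.builtin.uri:
        url: "{{ graylog_url }}/api/system/authentication/services/configuration"
        method: POST
        body: { active_backend: "{{ backend.json.backend.id }}" }
```

Like the script, the play issues the create request on every run and does not check for an existing backend first.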