Is it possible to configure LDAP authorization without the UI? I want to automate this through Ansible and have been looking into the REST APIs but am stuck.

Thanks for any advice.

Everything in Graylog web is operated by the API, so it should work. Check the REST API Browser to find the LDAP section:

Which graylog version do you use?

I am using version 4.0.2. I have tried to create the LDAP config through Ansible modules too but am failing there… just trying to automate the process.

Hi @mbank59,
I’m also a big fan of Ansible.

Here is a test bash script I’ve created for you. It gets the User role id, creates a new Active Directory service, and activates it.

  • Please update it for your purposes. Replace with your address of graylog.
  • Use basic auth, token, or session auth for authentication (I used basic for simplicity).
  • You can replace -H 'Authorization: Basic BASE64PASSWORD' with -u admin:PASSWORD if you want to use the password directly in cmd.
  • Also change the parameters for your real LDAP server.
  • If you want to assign 2 or more default roles at once, include their ids in the default_roles parameter, separated by commas.

# Name of the role to look up
ROLE="Reader"

# Get id of Role (Reader)
ROLEID=$(curl -s -X GET -H 'Authorization: Basic BASE64PASSWORD' -H 'Content-Type: application/json' -H 'Accept: application/json' -H 'X-Requested-By: cli' '' | jq -r '.roles[] | select(.name=="'"$ROLE"'") | .id')

# Create new Active Directory service, set default_roles (Reader role id) and return backend id
NEWLDAPSERVICEID=$(curl -s -X POST -H 'Authorization: Basic BASE64PASSWORD' -H 'Content-Type: application/json' -H 'Accept: application/json' -H 'X-Requested-By: cli' '' --data-raw '{"title":"Active Directory","description":"Description of service","default_roles":["'"$ROLEID"'"],"config":{"servers":[{"host":"ldap.domain.com","port":636}],"system_user_dn":"admin","system_user_password":"password","transport_security":"tls","type":"active-directory","user_full_name_attribute":"displayName","user_name_attribute":"userPrincipalName","user_search_base":"DC=domain,DC=com","user_search_pattern":"(&(objectClass=user)(|(sAMAccountName={0})(userPrincipalName={0})))","verify_certificates":false}}'|jq -r '.backend.id')

# Activate created Active Directory service by backend id
curl -s -X POST -H 'Authorization: Basic BASE64PASSWORD' -H 'Content-Type: application/json' -H 'Accept: application/json' -H 'X-Requested-By: cli' '' --data-raw '{"active_backend":"'"$NEWLDAPSERVICEID"'"}'
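
Added example (not part of the original post and not Graylog code): the request body from the script above built with json.dumps instead of shell string concatenation, plus a pre-flight audit for the settings that matter when this is automated: certificate verification, a placeholder bind password, and an empty role id from a failed lookup. The function names and all sample values are assumptions made for illustration; the field names are the ones used in the script.

```python
import json

# Field names are taken from the script above; every value here is a constructed sample.
def build_backend_payload(role_ids, bind_dn, bind_password, host, port=636,
                          search_base="DC=domain,DC=com", verify_certificates=True):
    """Serialise the backend definition with json.dumps so values are escaped."""
    return json.dumps({
        "title": "Active Directory",
        "description": "Description of service",
        "default_roles": list(role_ids),
        "config": {
            "servers": [{"host": host, "port": port}],
            "system_user_dn": bind_dn,
            "system_user_password": bind_password,
            "transport_security": "tls",
            "type": "active-directory",
            "user_full_name_attribute": "displayName",
            "user_name_attribute": "userPrincipalName",
            "user_search_base": search_base,
            "user_search_pattern":
                "(&(objectClass=user)(|(sAMAccountName={0})(userPrincipalName={0})))",
            "verify_certificates": verify_certificates,
        },
    })


def audit_payload(raw):
    """Return findings for settings that weaken the bind or break role assignment."""
    body = json.loads(raw)
    cfg = body.get("config", {})
    findings = []
    if cfg.get("verify_certificates") is not True:
        findings.append("verify_certificates is off: the LDAP server is not authenticated")
    if cfg.get("transport_security") != "tls":  # only "tls" appears on this page
        findings.append("transport_security is not tls")
    if cfg.get("system_user_password") in ("", "password", None):
        findings.append("system_user_password is empty or a placeholder")
    roles = body.get("default_roles") or []
    if not roles or any(not r for r in roles):
        findings.append("default_roles is empty: the role id lookup returned nothing")
    return findings


if __name__ == "__main__":
    # Constructed case: what the shell script sends when $ROLEID came back empty.
    as_posted = build_backend_payload([""], "admin", "password", "ldap.domain.com",
                                      verify_certificates=False)
    for finding in audit_payload(as_posted):
        print("FINDING:", finding)
```

In an Ansible play, the bind password would come from a vaulted variable, and the audit would run before the request is sent.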
