LDAP REST API config

HELP

Is it possible to configure LDAP authorization without the UI? I want to automate this through Ansible and have been looking into the REST APIs but am stuck.

Thanks for any advice.


Everything in Graylog web is operated by the API, so it should work. Check the REST API Browser to find the LDAP section:
https://docs.graylog.org/en/4.0/pages/configuration/rest_api.html

Which Graylog version do you use?


I am using version 4.0.2. I have tried to create the LDAP config through Ansible modules too but am failing there… just trying to automate the process.

Hi @mbank59,
I’m also a big fan of Ansible.

Here is a test bash script I’ve created for you. It gets the User role id, creates a new Active Directory service, and activates it.

  • Please update it for your purposes. Replace 172.28.128.15:9000 with the address of your Graylog server.
  • Use basic auth, token, or session auth for authentication (I used basic for simplicity).
  • You can replace -H 'Authorization: Basic BASE64PASSWORD' with -u admin:PASSWORD if you want to use the password directly on the command line.
  • Also change the parameters to match your real LDAP server.
  • If you want to assign 2 or more default roles at once, include their ids in the default_roles parameter, separated by commas.

```bash
#!/bin/bash
# Get id of Role (Reader)
ROLE="Reader"
ROLEID=$(curl -s -X GET -H 'Authorization: Basic BASE64PASSWORD' -H 'Content-Type: application/json' -H 'Accept: application/json' -H 'X-Requested-By: cli' 'http://172.28.128.15:9000/api/authz/roles?page=1&per_page=50&sort=name&order=asc' | jq -r '.roles[] | select(.name=="'"$ROLE"'") | .id')

# Create new Active Directory service, set default_roles (Reader role id) and return backend id
# Note: verify_certificates is false in this test script, so the LDAP server's TLS certificate is not validated
NEWLDAPSERVICEID=$(curl -s -X POST -H 'Authorization: Basic BASE64PASSWORD' -H 'Content-Type: application/json' -H 'Accept: application/json' -H 'X-Requested-By: cli' 'http://172.28.128.15:9000/api/system/authentication/services/backends' --data-raw '{"title":"Active Directory","description":"Description of service","default_roles":["'"$ROLEID"'"],"config":{"servers":[{"host":"ldap.domain.com","port":636}],"system_user_dn":"admin","system_user_password":"password","transport_security":"tls","type":"active-directory","user_full_name_attribute":"displayName","user_name_attribute":"userPrincipalName","user_search_base":"DC=domain,DC=com","user_search_pattern":"(&(objectClass=user)(|(sAMAccountName={0})(userPrincipalName={0})))","verify_certificates":false}}' | jq -r '.backend.id')

# Activate created Active Directory service by backend id
curl -s -X POST -H 'Authorization: Basic BASE64PASSWORD' -H 'Content-Type: application/json' -H 'Accept: application/json' -H 'X-Requested-By: cli' 'http://172.28.128.15:9000/api/system/authentication/services/configuration' --data-raw '{"active_backend":"'"$NEWLDAPSERVICEID"'"}'
```
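For automation, the request body from the script above can be built with jq rather than by splicing shell variables into a JSON string. This is an added example, not part of the original post: the function names `role_id` and `build_backend_payload`, the `LDAP_BIND_PW` variable, and the sample role ids are hypothetical, and certificate verification defaults to on.

```bash
# Constructed sample of the roles response; the shape follows the jq filter
# '.roles[] | select(.name==...) | .id' in the script above. Ids are made up.
SAMPLE_ROLES='{"roles":[{"id":"aaa111","name":"Reader"},{"id":"bbb222","name":"Admin"}]}'

# role_id JSON NAME: print the id of role NAME, or fail if it does not exist,
# so an empty id is never sent in default_roles.
role_id() {
  _id=$(printf '%s' "$1" | jq -r --arg name "$2" \
        '.roles[] | select(.name == $name) | .id')
  [ -n "$_id" ] || { echo "role not found: $2" >&2; return 1; }
  printf '%s\n' "$_id"
}

# build_backend_payload ROLE_IDS BIND_DN BIND_PW [VERIFY]
# ROLE_IDS is comma-separated; VERIFY defaults to true (certificate checked).
# jq --arg JSON-escapes every value, so quotes or backslashes in the password
# cannot break or alter the request body.
build_backend_payload() {
  jq -cn --arg roles "$1" --arg dn "$2" --arg pw "$3" \
         --argjson verify "${4:-true}" '
    { title: "Active Directory",
      description: "Description of service",
      default_roles: ($roles | split(",")),
      config: {
        servers: [{host: "ldap.domain.com", port: 636}],
        system_user_dn: $dn,
        system_user_password: $pw,
        transport_security: "tls",
        type: "active-directory",
        user_full_name_attribute: "displayName",
        user_name_attribute: "userPrincipalName",
        user_search_base: "DC=domain,DC=com",
        user_search_pattern: "(&(objectClass=user)(|(sAMAccountName={0})(userPrincipalName={0})))",
        verify_certificates: $verify } }'
}

# Demo with constructed values. LDAP_BIND_PW is an assumed environment
# variable; keep the real bind password out of the script text.
if id=$(role_id "$SAMPLE_ROLES" "Reader"); then
  build_backend_payload "$id" "CN=svc-graylog,DC=domain,DC=com" "${LDAP_BIND_PW:-example}"
fi
```

The output can be piped into the script's POST call by replacing the `--data-raw` literal with `--data-binary @-`.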
