Problems with LDAP/AD authorization


(Oleksandr Meleshchuk) #1

Hi everyone,
I’m experiencing strange issues with AD integration. The case is:
I have two AD groups for different levels of access to Graylog. They are:
GU.SC.Graylog.Administrators
GU.SC.Graylog.Users
I’m using the following search pattern for users:
(&(objectCategory=Person)(sAMAccountName=*)((memberOf=CN=GU.SC.RsysLog.Administrators,OU=RsysLog,OU=Service,OU=Groups,DC=xx,DC=xx)
In this case, in theory, Graylog should get information from AD on whether the users who are trying to log in are members of this group.
So members of this group are:
user1
user2
Next I fill in user1 as the login, with the password for user1, for testing. When I click the Test button on the AD configuration screen, I get an error that the user exists but the password is incorrect, and the output of the test shows me information about user2. Hmmm… strange.
So I’ve tried to remove user2 from the GU.SC.RsysLog.Administrators group, and after this it is working fine.
Also I’ve tried to test user1 with the password for user2, and yes, it passes the test successfully.
Maybe some of you are seeing the same results?
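
An added example, not part of the original post or of Graylog's code: a small model of why a search pattern containing `sAMAccountName=*` behaves as described above. The presence test matches every member of the group, so a login step that takes the first returned entry (an assumption, consistent with the test output showing user2) checks the password against the wrong account; putting the RFC 4515-escaped login name where Graylog's `{0}` placeholder goes returns only that user. The directory entries, the group DN and the helper names are constructed for illustration.

```python
import re

# Constructed sample data: placeholder group DN and entries, not a real directory.
GROUP_DN = "CN=Example.Admins,OU=Groups,DC=example,DC=test"
DIRECTORY = [
    {"sAMAccountName": "user2", "objectCategory": "Person", "memberOf": [GROUP_DN]},
    {"sAMAccountName": "user1", "objectCategory": "Person", "memberOf": [GROUP_DN]},
    {"sAMAccountName": "user3", "objectCategory": "Person", "memberOf": []},
]

# {0} stands for the login name typed by the user.
USER_BOUND = "(&(objectCategory=Person)(sAMAccountName={0})(memberOf=" + GROUP_DN + "))"
WILDCARD = USER_BOUND.replace("{0}", "*")  # same shape as the pattern in the post


def escape_filter_value(value):
    """RFC 4515 escaping, so typed input cannot add wildcards or clauses."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def login_filter(username):
    """Bind the search to the one account that is trying to log in."""
    return USER_BOUND.replace("{0}", escape_filter_value(username))


def search(flt):
    """Evaluate a flat (&(attr=value)...) filter against DIRECTORY."""
    clauses = re.findall(r"\(([^=()&]+)=([^()]*)\)", flt)
    hits = []
    for entry in DIRECTORY:
        for attr, value in clauses:
            have = entry.get(attr, [])
            have = [h.lower() for h in (have if isinstance(have, list) else [have])]
            if value == "*":  # presence test: any value of the attribute matches
                if not have:
                    break
            else:
                wanted = re.sub(r"\\([0-9a-fA-F]{2})",
                                lambda m: chr(int(m.group(1), 16)), value)
                if wanted.lower() not in have:
                    break
        else:
            hits.append(entry["sAMAccountName"])
    return hits


def first_match(flt):
    """Hypothetical login step: use the first entry the search returns."""
    hits = search(flt)
    return hits[0] if hits else None
```

With the wildcard pattern, `first_match` returns `user2` no matter which login name was typed; with `login_filter("user1")` the search can only return `user1`, and a typed `*` matches nobody.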


(system) #2

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.