- Are you 100% sure that the user you want to authenticate is a member of the organizational unit (OU) Ruffalo Noel Levitz?
- If not, or if you want to find users in more OUs, it’s better to set the Search Base DN to DC=ruffalo,DC=int (so you search the whole domain) and then use an LDAP filter in the User Search Pattern parameter.
- I usually want only members of a specific group to be able to log in to Graylog, so create a group, for example Graylog_users, and add the members to it. After that use a filter like this in the User Search Pattern field:
(&(objectCategory=person)(objectClass=user)(memberOf=CN=Graylog_users,CN=Users,DC=ruffalo,DC=int)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
This part of the LDAP filter ensures that locked users can’t log in:
!(userAccountControl:1.2.840.113556.1.4.803:=2)
If you also want to include nested groups (not only user accounts) in your Graylog_users group, you can use this filter:
(&(objectCategory=person)(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=Graylog_users,CN=Users,DC=ruffalo,DC=int)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
Also check these great articles:
https://social.technet.microsoft.com/wiki/contents/articles/5392.active-directory-ldap-syntax-filters.aspx
https://confluence.atlassian.com/kb/how-to-write-ldap-search-filters-792496933.html
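To see what the two filters above actually select, here is an added example (not code from the post or from Graylog) that parses AD-style LDAP filters and evaluates them against a small constructed directory. It implements the subset the filters use: &, |, !, equality, the bitwise AND matching rule 1.2.840.113556.1.4.803 and the in-chain rule 1.2.840.113556.1.4.1941 (transitive memberOf). Note that userAccountControl bit 0x2 is ACCOUNTDISABLE, so that clause excludes disabled accounts; lockouts from bad-password attempts are tracked separately in the lockoutTime attribute. The directory entries (alice, bob, carol, dave, SRV01 and the Graylog_admins nested group) are made up for the demonstration.

```python
"""Evaluate Active Directory-style LDAP filters against an in-memory directory."""

BITWISE_AND = "1.2.840.113556.1.4.803"   # LDAP_MATCHING_RULE_BIT_AND
IN_CHAIN = "1.2.840.113556.1.4.1941"     # LDAP_MATCHING_RULE_IN_CHAIN (transitive)
UF_ACCOUNTDISABLE = 0x2                  # userAccountControl bit: account disabled

GROUP_DN = "CN=Graylog_users,CN=Users,DC=ruffalo,DC=int"
NESTED_GROUP_DN = "CN=Graylog_admins,CN=Users,DC=ruffalo,DC=int"  # assumed nested group

# The two filters from the post, verbatim.
DIRECT_FILTER = ("(&(objectCategory=person)(objectClass=user)"
                 f"(memberOf={GROUP_DN})"
                 f"(!(userAccountControl:{BITWISE_AND}:=2)))")
NESTED_FILTER = ("(&(objectCategory=person)(objectClass=user)"
                 f"(memberOf:{IN_CHAIN}:={GROUP_DN})"
                 f"(!(userAccountControl:{BITWISE_AND}:=2)))")

USER_CLASSES = ["top", "person", "organizationalPerson", "user"]

# Constructed sample directory keyed by DN; attribute values are lists as in LDAP.
# Real AD stores objectCategory as a schema DN, but accepts the short name in filters.
DIRECTORY = {
    GROUP_DN: {"objectClass": ["group"], "memberOf": []},
    NESTED_GROUP_DN: {"objectClass": ["group"], "memberOf": [GROUP_DN]},
    "CN=alice,CN=Users,DC=ruffalo,DC=int": {  # direct member, enabled
        "objectCategory": ["person"], "objectClass": USER_CLASSES,
        "memberOf": [GROUP_DN], "userAccountControl": ["512"]},
    "CN=bob,CN=Users,DC=ruffalo,DC=int": {  # member only via nested group
        "objectCategory": ["person"], "objectClass": USER_CLASSES,
        "memberOf": [NESTED_GROUP_DN], "userAccountControl": ["512"]},
    "CN=carol,CN=Users,DC=ruffalo,DC=int": {  # direct member, but disabled (512 | 0x2)
        "objectCategory": ["person"], "objectClass": USER_CLASSES,
        "memberOf": [GROUP_DN], "userAccountControl": ["514"]},
    "CN=dave,CN=Users,DC=ruffalo,DC=int": {  # not a member at all
        "objectCategory": ["person"], "objectClass": USER_CLASSES,
        "memberOf": [], "userAccountControl": ["512"]},
    "CN=SRV01,CN=Computers,DC=ruffalo,DC=int": {  # computer: objectClass user, category computer
        "objectCategory": ["computer"], "objectClass": USER_CLASSES + ["computer"],
        "memberOf": [GROUP_DN], "userAccountControl": ["4096"]},
}


def parse_filter(text):
    """Parse an RFC 4515-style filter string into a small AST."""
    s = text.strip()
    node, pos = _parse(s, 0)
    if pos != len(s):
        raise ValueError("trailing data after filter")
    return node


def _parse(s, i):
    if s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i] in "&|!":
        op, i, children = s[i], i + 1, []
        while s[i] == "(":
            child, i = _parse(s, i)
            children.append(child)
        if s[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return (op, children), i + 1
    end = s.index(")", i)            # DN values contain no parentheses here
    item = s[i:end]
    if ":=" in item:                 # extensible match: attr:rule:=value
        lhs, value = item.split(":=", 1)
        attr, rule = lhs.split(":", 1)
        return ("ext", attr, rule, value), end + 1
    attr, value = item.split("=", 1)
    return ("eq", attr, value), end + 1


def _values(entry, attr):
    """Attribute lookup; LDAP attribute names are case-insensitive."""
    for name, vals in entry.items():
        if name.lower() == attr.lower():
            return vals
    return []


def _groups_in_chain(group_dns, directory):
    """Transitive closure of memberOf, as the in-chain rule computes it."""
    seen, stack = set(), list(group_dns)
    while stack:
        dn = stack.pop()
        if dn.lower() in seen:
            continue
        seen.add(dn.lower())
        stack.extend(_values(directory.get(dn, {}), "memberOf"))
    return seen


def matches(node, entry, directory):
    kind = node[0]
    if kind == "&":
        return all(matches(c, entry, directory) for c in node[1])
    if kind == "|":
        return any(matches(c, entry, directory) for c in node[1])
    if kind == "!":
        return not matches(node[1][0], entry, directory)
    if kind == "eq":
        _, attr, value = node
        return any(str(v).lower() == value.lower() for v in _values(entry, attr))
    _, attr, rule, value = node
    if rule == BITWISE_AND:          # true if every bit of the mask is set
        mask = int(value)
        return any((int(v) & mask) == mask for v in _values(entry, attr))
    if rule == IN_CHAIN:
        return value.lower() in _groups_in_chain(_values(entry, attr), directory)
    raise ValueError(f"unsupported matching rule {rule}")


def search(filter_text, directory=DIRECTORY):
    """Return the sorted DNs of all entries matching the filter."""
    node = parse_filter(filter_text)
    return sorted(dn for dn, entry in directory.items() if matches(node, entry, directory))


if __name__ == "__main__":
    print("direct members:", search(DIRECT_FILTER))   # alice only
    print("nested members:", search(NESTED_FILTER))   # alice and bob
```

Running it shows the practical difference: the plain memberOf filter returns only alice, while the in-chain version also returns bob through Graylog_admins. In both cases carol is dropped by the userAccountControl clause and SRV01 (a computer account, which also has objectClass user) is dropped by objectCategory=person, which is why that clause is worth keeping.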