I am trying to connect Graylog to LDAP via my Active Directory server.
Test connection works fine to AD and I am able to do the user login test successfully. No groups are being pulled, however.
For example, I have a user inside of ou=Annex,ou=Admin,ou=Staff,dc=company,dc=com.
I also created a group in the above OU called Graylog2.
But I get the below warning…
2017-05-08T23:42:20.193-04:00 WARN [LdapConnector] Unknown group id attribute CN=Graylog2, skipping group entry Entry
User mapping
Search Base DN | ou=Annex,ou=Admin,ou=Staff,dc=company,dc=com
User Search Pattern | (&(objectClass=user)(sAMAccountName={0}))
Display Name attribute | displayName
Group Mapping
Group Search Base DN | ou=Annex,ou=Admin,ou=Staff,dc=company,dc=com
Group Search Pattern | (objectClass=group) … I have also tried (&(objectClass=group)(cn=Graylog2)).
Group Name Attribute | CN=Graylog2
So I moved the group Graylog2 to cn=Users,dc=company,dc=com and created a user called grayuser there.
Now my search base DN and group search base DN are both: cn=Users,dc=company,dc=com
When I test with grayuser I get the below log…
2017-05-09T14:34:12.145-04:00 WARN [LdapConnector] Unknown group id attribute CN=Graylog2, skipping group entry Entry
dn: CN=Graylog2,CN=Users,dc=company,dc=com
objectClass: top
objectClass: group
member: CN=graylog user.,CN=Users,dc=company,dc=com