if you just want a simple “if user is in group $foo allow access to graylog” filter: LDAP Query Group