Hi Robin,

make sure that there is only 1 entry in the ldap_settings collection in MongoDB.

Additionally, make sure that all Graylog nodes are using the exact same password_secret <https://github.com/Graylog2/graylog2-server/blob/2.0.3/misc/graylog.conf#L9-L11>.

Cheers,
Jochen

On Thursday, 18 August 2016 17:41:57 UTC+2, Robin H wrote:
>
> Hello -
>
> I've been trying to configure LDAP/AD authentication within the Graylog web interface but it's not always working. I configure (and save) the LDAP settings (server, user, group) and all the tests from the Graylog interface pass without issue.
>
> I attempt to login with my AD account - sometimes it works and sometimes not. When it doesn't, I get a message that I'm using an invalid account (or something to that effect). If I login with my local account and go to the LDAP settings page it's as if they were never configured.
>
> Here's where it gets a little weird... if I refresh the page and/or wait a couple of minutes, those settings will typically return and then my AD login works again. Also, I've found that while I'm in the middle of a login session (doing whatever - logged in as my AD user), the screen will reload and I'll be left at the initial login screen. If I try my AD account, often times it doesn't work right away. I login with the local account and the LDAP settings are blank again. There doesn't seem to be any rhyme or reason to it - it can be fine for a few minutes to a few hours - but it is kind of annoying.
>
> I did some research and found some others experiencing a similar issue due to having multiple entries under the LDAP collection in Mongo - the solution for most was to remove those and recreate in Graylog. I did have that situation in the beginning as the first few times it happened I was resetting the LDAP options in Graylog. I removed the duplicate entries and reset - still didn't help. I also completely dropped the ldap_settings collections from Mongo and reset. The issue is still occurring though...
>
> Anyone have any other suggestions or thoughts?
>
> Current setup:
>
> CentOS 7
> 2 Graylog servers (load balanced with HAProxy)
> Mongo DB replica set (one instance on each of the 2 Graylog servers - arbiter installed on a 3rd machine)
> 2 ElasticSearch servers
>
> Thanks for any suggestions.
>
> Robin H
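
Added example, not part of the original thread and not Graylog's own code: one way to check the second point in the reply above, comparing `password_secret` across nodes without ever printing the secret. The node names and config snippets are constructed samples, and treating trailing whitespace as significant is an assumption.

```python
import hashlib
import hmac
import secrets

# Constructed sample configs (not real secrets); graylog-2 has a trailing space.
SAMPLE_CONFIGS = {
    "graylog-1": "#password_secret = old-value\npassword_secret = constructed-sample-secret\n",
    "graylog-2": "is_master = false\npassword_secret = constructed-sample-secret \n",
}


def read_setting(conf_text, key="password_secret"):
    """Return the effective value of `key` from key = value config text, or None."""
    value = None
    for raw in conf_text.splitlines():
        line = raw.lstrip()
        if line.startswith(("#", "!")) or "=" not in line:
            continue  # comment, blank line, or not a key = value entry
        name, _, rest = line.partition("=")
        if name.strip() == key:
            # Assumption: trailing whitespace counts as part of the value,
            # so a stray space is reported as a mismatch. Last entry wins.
            value = rest.lstrip()
    return value


def compare_nodes(configs, key="password_secret"):
    """Group nodes by secret value using a per-run HMAC tag, never the secret itself."""
    run_key = secrets.token_bytes(32)  # tags are only comparable within this run
    groups, missing = {}, []
    for node, text in configs.items():
        value = read_setting(text, key)
        if not value:
            missing.append(node)
            continue
        tag = hmac.new(run_key, value.encode("utf-8"), hashlib.sha256).hexdigest()
        groups.setdefault(tag, []).append(node)
    return {
        "consistent": len(groups) == 1 and not missing,
        "groups": sorted(groups.values()),
        "missing": missing,
    }


if __name__ == "__main__":
    print(compare_nodes(SAMPLE_CONFIGS))
```

In practice, pass the contents of each node's Graylog configuration file instead of the sample strings; more than one group in the result means the nodes do not share the same secret.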
