Hi Jochen - Thanks for the reply.
I verified that I only have 1 entry under ldap_settings in MongoDB. I even removed it and re-entered the settings from the Graylog console. The password_secrets were the same between my two Graylog nodes but, just in case, I generated a new one. Once I'd done this, I restarted all of the nodes but, unfortunately, the same problem still persisted.

Any other thoughts or suggestions are welcomed.

Thanks,
Robin

On Tuesday, August 23, 2016 at 8:31:50 AM UTC-4, Jochen Schalanda wrote:
> Hi Robin,
>
> make sure that there is only 1 entry in the ldap_settings collection in MongoDB.
>
> Additionally, make sure that all Graylog nodes are using the exact same password_secret <https://github.com/Graylog2/graylog2-server/blob/2.0.3/misc/graylog.conf#L9-L11>.
>
> Cheers,
> Jochen
>
> On Thursday, 18 August 2016 17:41:57 UTC+2, Robin H wrote:
>>
>> Hello -
>>
>> I've been trying to configure LDAP/AD authentication within the Graylog web interface but it's not always working. I configure (and save) the LDAP settings (server, user, group) and all the tests from the Graylog interface pass without issue.
>>
>> I attempt to log in with my AD account - sometimes it works and sometimes not. When it doesn't, I get a message that I'm using an invalid account (or something to that effect). If I log in with my local account and go to the LDAP settings page, it's as if they were never configured.
>>
>> Here's where it gets a little weird... if I refresh the page and/or wait a couple of minutes, those settings will typically return and then my AD login works again. Also, I've found that while I'm in the middle of a login session (doing whatever - logged in as my AD user), the screen will reload and I'll be left at the initial login screen. If I try my AD account, oftentimes it doesn't work right away. I log in with the local account and the LDAP settings are blank again. There doesn't seem to be any rhyme or reason to it - it can be fine for a few minutes to a few hours - but it is kind of annoying.
>>
>> I did some research and found some others experiencing a similar issue due to having multiple entries under the LDAP collection in Mongo - the solution for most was to remove those and recreate in Graylog. I did have that situation in the beginning, as the first few times it happened I was resetting the LDAP options in Graylog. I removed the duplicate entries and reset - still didn't help. I also completely dropped the ldap_settings collections from Mongo and reset. The issue is still occurring though...
>>
>> Anyone have any other suggestions or thoughts?
>>
>> Current setup:
>>
>> CentOS 7
>> 2 Graylog servers (load balanced with HAProxy)
>> MongoDB replica set (one instance on each of the 2 Graylog servers - arbiter installed on a 3rd machine)
>> 2 ElasticSearch servers
>>
>> Thanks for any suggestions.
>>
>> Robin H
>>
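
Added example, not part of the original thread and not Graylog tooling: one way to confirm that every node carries the same password_secret is to compare SHA-256 fingerprints of the value taken from a local copy of each node's configuration file, so the secret itself is never printed. The function names and the `node1.conf`-style file names are hypothetical, and the `key = value` parsing (last uncommented occurrence wins) is an assumption about the file format.

```bash
#!/usr/bin/env bash
# Added example: compare password_secret across copies of each node's
# Graylog configuration file without displaying the secret.

# Print the SHA-256 fingerprint of password_secret found in one file.
# Assumptions: "key = value" or "key=value" lines, commented-out lines
# are ignored, and the last uncommented occurrence is the effective one.
# The value is hashed exactly as written after the separator, so stray
# trailing whitespace or a CR shows up as a mismatch to check by hand.
secret_fingerprint() {
    local file value
    file=$1
    value=$(sed -n 's/^[[:space:]]*password_secret[[:space:]]*[=:][[:space:]]*//p' "$file" | tail -n 1)
    if [ -z "$value" ]; then
        echo "no password_secret set in $file" >&2
        return 1
    fi
    printf '%s' "$value" | sha256sum | cut -d' ' -f1
}

# Return 0 if all files carry the same secret, 1 on a mismatch,
# 2 if any file has no usable password_secret line.
secrets_match() {
    local first fp file status
    first=""
    status=0
    for file in "$@"; do
        fp=$(secret_fingerprint "$file") || return 2
        printf '%s  %s\n' "$fp" "$file"
        if [ -z "$first" ]; then
            first=$fp
        elif [ "$fp" != "$first" ]; then
            status=1
        fi
    done
    return "$status"
}

# Usage (file names are placeholders for copies fetched from each node):
#   ./check_secret.sh node1.conf node2.conf
[ "$#" -eq 0 ] || secrets_match "$@"
```
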
