Hi Robin,

Make sure that there is only 1 entry in the ldap_settings collection in 
MongoDB.

Additionally, make sure that all Graylog nodes are using the exact same 
password_secret 
<https://github.com/Graylog2/graylog2-server/blob/2.0.3/misc/graylog.conf#L9-L11>.

Cheers,
Jochen

On Thursday, 18 August 2016 17:41:57 UTC+2, Robin H wrote:
>
> Hello -
>
> I've been trying to configure LDAP/AD authentication within the Graylog 
> web interface but it's not always working.  I configure (and save) the LDAP 
> settings (server, user, group) and all the tests from the Graylog interface 
> pass without issue.
>
> I attempt to login with my AD account - sometimes it works and sometimes 
> not.  When it doesn't, I get a message that I'm using an invalid account 
> (or something to that effect).  If I login with my local account and go to 
> the LDAP settings page it's as if they were never configured.  
>
> Here's where it gets a little weird... if I refresh the page and/or wait a 
> couple of minutes, those settings will typically return and then my AD 
> login works again.  Also, I've found that while I'm in the middle of a 
> login session (doing whatever - logged in as my AD user), the screen will 
> reload and I'll be left at the initial login screen.  If I try my AD 
> account, often times it doesn't work right away.  I login with the local 
> account and the LDAP settings are blank again.  There doesn't seem to be 
> any rhyme or reason to it - it can be fine for a few minutes to a few hours 
> - but it is kind of annoying.  
>
> I did some research and found some others experiencing a similar issue due 
> to having multiple entries under the LDAP collection in Mongo - the 
> solution for most was to remove those and recreate in Graylog.  I did have 
> that situation in the beginning as the first few times it happened I was 
> resetting the LDAP options in Graylog.  I removed the duplicate entries and 
> reset - still didn't help.  I also completely dropped the ldap_settings 
> collections from Mongo and reset.  The issue is still occurring though...
>
> Anyone have any other suggestions or thoughts?
>
> Current setup:
>
> CentOS 7
> 2 Graylog servers (load balanced with HAProxy)
> Mongo DB replica set (one instance on each of the 2 Graylog servers - 
> arbiter installed on a 3rd machine)
> 2 ElasticSearch servers
>
> Thanks for any suggestions.
>
> Robin H
>
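
One way to check the second point in the reply (identical `password_secret` on every node) without pasting secrets into a terminal or ticket; this is an added example, not part of the original thread and not Graylog tooling. The function names, node names and sample config text are constructed, and the parser assumes plain `key = value` lines where the last assignment wins.

```python
import hashlib

def read_password_secret(conf_text):
    """Return the password_secret value from graylog.conf text, or None."""
    value = None
    for line in conf_text.splitlines():
        stripped = line.strip()
        # Skip blank lines and comment lines (commented-out secrets do not count).
        if not stripped or stripped.startswith(("#", "!")):
            continue
        key, sep, val = stripped.partition("=")
        if sep and key.strip() == "password_secret":
            value = val.strip()  # assumption: a later assignment overrides an earlier one
    return value or None

def fingerprint(secret):
    """Short SHA-256 digest, so values can be compared without being displayed."""
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()[:12]

def check_nodes(configs):
    """configs maps node name -> graylog.conf text. Returns (consistent, report)."""
    report = {}
    for node, text in configs.items():
        secret = read_password_secret(text)
        report[node] = fingerprint(secret) if secret else "MISSING"
    values = set(report.values())
    consistent = "MISSING" not in values and len(values) == 1
    return consistent, report

# Constructed sample input: two nodes behind one load balancer whose
# configs drifted apart. The values are placeholders, not real secrets.
SAMPLE = {
    "graylog-1": "is_master = true\npassword_secret = constructed-secret-AAAA\n",
    "graylog-2": ("is_master = false\n"
                  "# password_secret = constructed-secret-AAAA\n"
                  "password_secret = constructed-secret-BBBB\n"),
}

if __name__ == "__main__":
    consistent, report = check_nodes(SAMPLE)
    for node, fp in sorted(report.items()):
        print(f"{node}: {fp}")
    print("password_secret consistent" if consistent
          else "MISMATCH: nodes do not share one password_secret")
```

In practice the dictionary would be filled with the contents of each node's `graylog.conf`, read over whatever channel is already used to manage the servers.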
