LDAP Role assignment not working (depending on name?) #1453
We're trying to set up LDAP group mappings and notice that in some cases it's not working properly (i.e., the user is not assigned the proper group and does not see the streams assigned to that group).
Preliminary testing shows it might depend on the group name:
We tried several times renaming the group, assigning a role to that group, and verifying whether that user would see the stream assigned to that role.
The group query we used is:
The Graylog server log shows this:
The attached stacktrace doesn't help much to figure out the problem, could you please turn the log level of
That logs all kinds of details about searches performed and the entities returned, and may help you to figure out the problem. In case you need some help with it, please send the log output to firstname.lastname@example.org if you can't share it publicly.
Along with the trace, a warning is also shown:
Just like @bonzi316, the user in question also has groups that belong to another domain.
Because of that, the group lookup returns null, which causes a NullPointerException (see https://github.com/Graylog2/graylog2-server/blob/master/graylog2-server/src/main/java/org/graylog2/security/ldap/LdapConnector.java#L168).
So I agree with @bonzi316 that filtering out groups is a good idea, or at least checking if null was returned for the group lookup.
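
The two mitigations proposed in the comments above (filter out groups from another domain, and check the lookup result for null), sketched as an added example that is not Graylog's code. The class, the `resolveGroups` helper, the `lookup` function and all DNs are hypothetical and constructed for illustration.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import java.util.*;
import java.util.function.Function;

public class GroupLookupExample {
    // Hypothetical helper: maps a user's memberOf DNs to group names.
    // A group that cannot be resolved is skipped and grants nothing,
    // instead of aborting role assignment for the whole login.
    static Set<String> resolveGroups(List<String> memberOf, String searchBase,
                                     Function<String, String> lookup)
            throws InvalidNameException {
        LdapName base = new LdapName(searchBase);
        Set<String> groups = new LinkedHashSet<>();
        for (String dn : memberOf) {
            LdapName groupDn;
            try {
                groupDn = new LdapName(dn);
            } catch (InvalidNameException e) {
                System.err.println("Skipping malformed group DN: " + dn);
                continue;
            }
            // Mitigation 1: ignore groups outside the configured search base
            // (for example, groups that belong to another domain).
            if (!groupDn.startsWith(base)) {
                System.err.println("Skipping group outside search base: " + dn);
                continue;
            }
            // Mitigation 2: the directory lookup may still return null.
            String name = lookup.apply(dn);
            if (name == null) {
                System.err.println("Group lookup returned null for: " + dn);
                continue;
            }
            groups.add(name);
        }
        return groups;
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample data: one resolvable group, one group from
        // another domain, one in-domain group the directory does not return.
        Map<String, String> directory = Map.of(
            "cn=graylog-admins,ou=groups,dc=corp,dc=example,dc=org", "graylog-admins");
        List<String> memberOf = List.of(
            "CN=graylog-admins,OU=Groups,DC=corp,DC=example,DC=org",
            "CN=vpn-users,OU=Groups,DC=partner,DC=example,DC=net",
            "CN=stale-group,OU=Groups,DC=corp,DC=example,DC=org");
        System.out.println(resolveGroups(memberOf, "DC=corp,DC=example,DC=org",
            dn -> directory.get(dn.toLowerCase(Locale.ROOT))));
    }
}
```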