New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unable to map LDAP groups to Graylog role - Missing plugin component #3485

Closed
whittle1 opened this Issue Feb 13, 2017 · 13 comments

Comments

Projects
None yet
@whittle1

whittle1 commented Feb 13, 2017

Hiya,

I have got LDAP authentication working within Graylog, and now I want to map AD groups to Graylog roles, to minimise the amount of work required to set up existing AD users with Graylog stream access.

When trying to set this up within the Graylog web interface, I get the message:
"Plugin component missing for authenticator legacy-ldap-groups, this is an error."

This is when accessing the '/system/authentication/config/legacy-ldap-groups' URL, which is the page linked from the LDAP/Active Directory config screen within Graylog .

gl-error

Please let me know if I can provide any futher infomation.

I am running the current version of Graylog aviable from the Graylog CentOS repo (Graylog 2.2.0). I followed the instation guide below to install Graylog.
http://docs.graylog.org/en/2.2/pages/installation/os/centos.html

  • Graylog Version: Graylog 2.2.0+d9681cb
  • Elasticsearch Version: 2.4.4
  • MongoDB Version: 3.4.2
  • Operating System: CentOS 7
  • Browser version: Firefox 51.0.1

@whittle1 whittle1 changed the title from Unable to map LDAP groups to Graylog role - to Unable to map LDAP groups to Graylog role - Missing plugin component Feb 13, 2017

@joschi

This comment has been minimized.

Contributor

joschi commented Feb 13, 2017

@whittle1 I'm unable to reproduce this issue with Graylog 2.2.0.

Please attach a list of installed plugins (from the System / Nodes / Details page) and make sure to clear your browser cache.

@joschi joschi added the needs-input label Feb 13, 2017

@whittle1

This comment has been minimized.

whittle1 commented Feb 13, 2017

@joschi Thanks for the reply. I've cleared the browsed cache, and also tried in Chrome, and the problem persists.

This is the contents of the /usr/share/graylog-server/plugin/ directory. These will have been the default plugins that will have been installed with the graylog-server package from the CentOS repo.

graylog-plugin-anonymous-usage-statistics-2.2.0.jar
graylog-plugin-beats-2.2.0.jar
graylog-plugin-collector-2.2.0.jar
graylog-plugin-enterprise-integration-2.2.0.jar
graylog-plugin-map-widget-2.2.0.jar
graylog-plugin-pipeline-processor-2.2.0.jar

EDIT: These are the same that get displayed in the System / Nodes / Details page.

I've checked /var/log/graylog-server/server.log and there are no errors related to this problem.

Thanks again.

@joschi

This comment has been minimized.

Contributor

joschi commented Feb 13, 2017

@whittle1 Are there any error messages in the Javascript/Developer console of your web browser?

Could you please additionally describe exactly what you're doing from log-in up to the moment you see the error message in your web browser?

Did you upgrade your Graylog installation or was this a completely fresh setup?

I've checked /var/log/graylog-server/server.log and there are no errors related to this problem.

Are there any other warnings or errors? Please upload the logs of your Graylog node(s).

@jalogisch

This comment has been minimized.

Member

jalogisch commented Feb 20, 2017

@whittle1 can you please give us an update on this.

we are not able to reproduce this on our end.

@whittle1

This comment has been minimized.

whittle1 commented Feb 21, 2017

Apologies for delay.

@joschi
This is a completely fresh install of Graylog, on a newly created server. This morning I have updated to 2.2.1+4829190, but the problem occurred both before and after this.

The steps I am taking to view the error:
-Login as admin user
-Go to System -> Authentication
-Go to "3. LDAP Active Directory"
-Click the "mapping LDAP groups to Graylog roles" link, the majority of the way down the page.
-Receive the error "Plugin component missing for authenticator legacy-ldap-groups, this is an error".

I've attached an image of the warnings from the browser debugger when progressing through the steps above.

I've also attached the server.log file, which contains all logs between graylog startup and the problem occurring.

I have now noticed this line in the logs, I'm unsure if its related.
2017-02-21T08:39:23.143Z INFO [PeriodicalsService] Not starting [org.graylog2.periodical.LdapGroupMappingMigration] periodical. Not configured to run on this node.

Thanks,
Stephen

graylog-devcapture
graylog serverlog.txt

@shthead

This comment has been minimized.

shthead commented Feb 22, 2017

I am also experiencing this error. I have deployed a new appliance (using the VMWare image), set up AD auth and get the same error.

@funeralium666

This comment has been minimized.

funeralium666 commented Feb 23, 2017

Hi, I have the same error also with Graylog 2.2.1 installed on CentOS 7.3. Can't get Active Directory groups working.

@YoranSys

This comment has been minimized.

YoranSys commented Feb 24, 2017

Hi, I have the same error also with Graylog 2.2.1 installed on Debian 7. Can't get Active Directory groups mapping working.

@funeralium666

This comment has been minimized.

funeralium666 commented Feb 24, 2017

Somehow I managed those LDAP groups working. The error is still there, but it's not interrupting my configuration tasks.

@kroepke kroepke added bug triaged and removed needs-input labels Feb 27, 2017

@pmsumner

This comment has been minimized.

pmsumner commented Mar 6, 2017

I am just setting up AD auth and have stumbled across this problem. There's nothing in the server/current log file or in the Chrome console when loading $IP/system/authentication/config/legacy-ldap-groups.

Graylog server 2.2.0.

Anything else I can provide that might be useful?

@Ollie42

This comment has been minimized.

Ollie42 commented Mar 23, 2017

The same Problem here with Graylog Version v2.2.2+691b4b7 on Centos 7
Are there any Updates on this Issue?

@Ollie42

This comment has been minimized.

Ollie42 commented Mar 23, 2017

Found somethimg that worked for me. I used the Button "LDAP Group Mapping"
instead of the Link "mapping LDAP groups to Graylog roles".
This will open a Page where you can assign the Groups read from LDAP to
Groups found in Graylog. If no LDAP Groups are shown here there is probably something
wrong with the Group Search Pattern in the Settings of "4. Group Mapping".
Hope this helps.

Regards,
ollie

@edmundoa

This comment has been minimized.

Member

edmundoa commented Mar 23, 2017

@Ollie42 thank you! That definitely helps and a broken link may explain the problem. We will investigate.

@edmundoa edmundoa self-assigned this Mar 23, 2017

@dennisoelkers dennisoelkers added this to the 2.2.3 milestone Mar 24, 2017

@joschi joschi closed this in #3651 Mar 29, 2017

@wafflebot wafflebot bot removed the in progress label Mar 29, 2017

joschi added a commit that referenced this issue Mar 29, 2017

Fix navigation in LDAP components (#3651)
* Fix navigation between ldap config and groups

As there is no easy way to access each component through an URL any
longer, use callbacks to let the parent decide which component to
render.

* Remove unused config prop

* Use jsx extension for ldap component

* Fix error handling in ldap groups component

- Do not try to render an object, as that doesn't work
- Display no configuration message when server returns 400, as that only
  happens when LDAP is not correctly configured. That message is a bit
  more clear and less scary

Fixes #3485

edmundoa added a commit that referenced this issue Mar 29, 2017

Fix navigation in LDAP components (#3651)
* Fix navigation between ldap config and groups

As there is no easy way to access each component through an URL any
longer, use callbacks to let the parent decide which component to
render.

* Remove unused config prop

* Use jsx extension for ldap component

* Fix error handling in ldap groups component

- Do not try to render an object, as that doesn't work
- Display no configuration message when server returns 400, as that only
  happens when LDAP is not correctly configured. That message is a bit
  more clear and less scary

Fixes #3485
(cherry picked from commit 1fafbf1)

joschi added a commit that referenced this issue Mar 29, 2017

Fix navigation in LDAP components (#3670)
* Fix navigation between ldap config and groups

As there is no easy way to access each component through an URL any
longer, use callbacks to let the parent decide which component to
render.

* Remove unused config prop

* Use jsx extension for ldap component

* Fix error handling in ldap groups component

- Do not try to render an object, as that doesn't work
- Display no configuration message when server returns 400, as that only
  happens when LDAP is not correctly configured. That message is a bit
  more clear and less scary

Fixes #3485
Refs #3651
(cherry picked from commit 1fafbf1)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment