/graylog2-server

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support for LDAP Groups #951

Closed
rikatz opened this Issue Feb 6, 2015 · 2 comments

Comments

Assignees

@kroepke kroepke

Labels
Projects
None yet
Milestone
  1.2.0
3 participants
@rikatz @zolech @kroepke
@rikatz

rikatz commented Feb 6, 2015

Not an issue, but a feature request for next versions:

It would be great if support to LDAP groups is added to Graylog.

Example: I have my user, it's part of the group 'group1'.

On the stream, I add that everybody on the group 'group1' have the view of that stream, so I don't need to add manually a user to a stream when it joins a new group (a development group, as an example).

And thanks for the hard work guys, the software is amazing!!
@zolech

This comment has been minimized.

Sign in to view

zolech commented Mar 25, 2015

+1

LDAP Group synchronization is what we are waiting for

@kroepke kroepke referenced this issue Jul 23, 2015

Closed

LDAP intergration with AD - LDAP filter only returns one 'memberof' entry, can't filter on group membership #1279

@kroepke kroepke added the users label Jul 23, 2015

@kroepke kroepke added this to the 1.2.0 milestone Jul 23, 2015

@kroepke kroepke self-assigned this Jul 23, 2015

@kroepke kroepke referenced this issue Jul 23, 2015

Closed

Roles/user groups #1321

kroepke added a commit that referenced this issue Jul 23, 2015

@kroepke
initial support for roles and LDAP groups 
- LDAP group mapping is incomplete and doesn't work in this commit yet
- roles CRUD API is complete
- Shiro support is complete
- no UI support yet

related to #1321 #951
Loading status checks…
5cdfbd3

@kroepke kroepke referenced this issue Jul 23, 2015

Merged

initial support for roles and LDAP groups #1322

kroepke added a commit that referenced this issue Jul 24, 2015

@kroepke
implement LDAP groups to role mapping 
 - add /system/ldap/settings/groups endpoints for managing the mapping
 - correctly resolve a user's roles to permissions when retrieving the user (so that the web interface gets the correct set of permissions)
 - some cleanup regarding bindings
 - add new permissions for reading/editing ldap group mappings, which can be done independently of configuring ldap system settings
 - group mapping uses the objectid of roles, not their names, so they work correct after role renames

 issue #1321 #951
Loading status checks…
0f68df3

kroepke added a commit that referenced this issue Jul 24, 2015

@kroepke
include a user's roles in GET /user/{name} response 
 - so we can list each user's roles in the overview

issue #1321 #951
Loading status checks…
0abcf22

kroepke added a commit that referenced this issue Aug 4, 2015

@kroepke
adding roles to user classes, added description property to Role 
issue #1321 #951
Loading status checks…
80de41d

kroepke added a commit that referenced this issue Aug 4, 2015

@kroepke
adding roles to user classes, added description property to Role 
issue #1321 #951

(cherry picked from commit 80de41d)

Conflicts:
	graylog2-server/src/main/java/org/graylog2/users/RoleImpl.java
	graylog2-shared/src/main/java/org/graylog2/shared/users/Role.java
Loading status checks…
6898c84

kroepke added a commit that referenced this issue Aug 5, 2015

@kroepke
bump version for development 
issue #1321 #951
c1a8d5e

kroepke added a commit that referenced this issue Aug 5, 2015

@kroepke
make description in RoleResponse optional 
add web interface service class

issue #1321 #951
Loading status checks…
2c347e0

kroepke added a commit that referenced this issue Aug 10, 2015

@kroepke
support updating roles in rest client 
fix exception when using Optional.get()

issue #1321 #951
Loading status checks…
e7eb9f2

kroepke added a commit that referenced this issue Aug 10, 2015

@kroepke
add read only flag to roles 
ensure the Reader and Admin roles are always present during start

 - reader role does not contain the user-specific permissions needed to edit and change the password of the current user, these need to be set during user creation in that entity
 - admin is simply "*"

both built-in roles cannot be edited/deleted or otherwise changed.

fixes missing description when creating a role

issue #1321 #951
Loading status checks…
ac1cb52

kroepke added a commit to graylog-labs/graylog2-web-interface that referenced this issue Aug 31, 2015

@kroepke
make LDAP group object class configurable 
related to Graylog2/graylog2-server#951
Loading status checks…
95807ac

@kroepke kroepke closed this in 3f7564b Aug 31, 2015

kroepke added a commit that referenced this issue Aug 31, 2015

@kroepke
use the correct object class setting when listing LDAP groups 
fixes #951
Loading status checks…
691db7b
@rikatz

This comment has been minimized.

Sign in to view

rikatz commented Sep 1, 2015

@kroepke great job!!! Thanks guys for this awesome software, Graylog is transforming on a game changer!!

kroepke added a commit that referenced this issue Sep 1, 2015

@kroepke
in LDAP group lookup use the user specified filter instead of limitin… 
…g it to objectClass

 previously we only allowed to filter for objectClass, which could be problematic if LDAP contained thousands of groups.
 this lets the user specify an arbitrary filter for looking up the relevant groups

 #951
Loading status checks…
a9176d6

kroepke added a commit to graylog-labs/graylog2-web-interface that referenced this issue Sep 1, 2015

@kroepke
make groupSearchPattern configurable 
Graylog2/graylog2-server#951
Loading status checks…
21b883b

This was referenced Sep 1, 2015

Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment