graylog-labs / graylog2-web-interface

[DEPRECATED]
https://www.graylog.org/

ldap nested group support missing #1712

Closed jhaar closed 8 years ago

jhaar commented 8 years ago

Hi there

We've got a bunch of LDAP groups mapping over to streams - works fine when the Active Directory group directly contains the users.

However, we just wanted to create a new stream containing data that a large existing AD group has access to - but the group contains groups - that contain users (i.e. the group is nested). This doesn't appear to be supported by graylog-web? I.e. a user who is a member of a group, that is a member of the group that a role is assigned to, logs in and isn't assigned that role.

This is a common problem with LDAP, but there is a solution, here are some links that may help you (I have done this a lot and hate it so much I ditched ever using AD directly for authorization. I only use it for authentication and have cronjobs manually unpacking LDAP groups in order to "flatten" group membership back to the individuals. Ugly but guaranteed to work ;-)

http://ldapwiki.willeke.com/wiki/Active%20Directory%20User%20Related%20Searches

http://stackoverflow.com/questions/13758650/nested-group-ldap-search-filter
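The "flatten group membership" approach described in the comment above, next to Active Directory's LDAP_MATCHING_RULE_IN_CHAIN filter (OID 1.2.840.113556.1.4.1941), as an added example that is not part of the original thread or Graylog's code. The DNs and the `GROUPS` snapshot are constructed, and the function names are hypothetical.

```python
from collections import deque

# Constructed directory snapshot: group DN -> direct "member" DNs.
# Assumption: a real job would fill this from LDAP searches; DNs are
# compared as exact strings here, so normalise case before loading.
GROUPS = {
    "CN=stream-readers,OU=Groups,DC=example,DC=com": [
        "CN=team-a,OU=Groups,DC=example,DC=com",
        "CN=alice,OU=Users,DC=example,DC=com",
    ],
    "CN=team-a,OU=Groups,DC=example,DC=com": [
        "CN=bob,OU=Users,DC=example,DC=com",
        "CN=team-b,OU=Groups,DC=example,DC=com",
    ],
    "CN=team-b,OU=Groups,DC=example,DC=com": [
        "CN=carol (ops),OU=Users,DC=example,DC=com",
        "CN=team-a,OU=Groups,DC=example,DC=com",  # cycle back to team-a
    ],
}

def flatten_members(group_dn, groups):
    """Return every non-group DN reachable from group_dn, tolerating cycles."""
    seen, users, queue = {group_dn}, set(), deque([group_dn])
    while queue:
        for member in groups.get(queue.popleft(), []):
            if member in groups:
                if member not in seen:  # visit each nested group once
                    seen.add(member)
                    queue.append(member)
            else:
                users.add(member)
    return users

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def in_chain_filter(group_dn):
    """AD-only filter: users whose memberOf chain includes group_dn."""
    return ("(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=%s))"
            % escape_filter_value(group_dn))
```

The in-chain filter lets the domain controller resolve the nesting in one search, while the flattening function works against any directory; escaping the DN keeps a group name containing `(`, `)` or `*` from altering the filter.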

edmundoa commented 8 years ago

Hi,

Thank you for reporting this issue and sharing those links :)

I'm closing the issue in favour of the one in the server repository: https://github.com/Graylog2/graylog2-server/issues/1436