Read username from referenced LDAP record

* The `username_attribute` configuration value was added to the `ldap`
  section. When this value is set, the program will not try to extract the
  username from DNs; instead, it will look them up and extract the
  username from the referenced record, using the specified attribute.

* The program will no longer exit in error when a group listed in the
  mapping doesn't exist.
Emmanuel BENOîT 2021-02-09 23:15:24 +01:00
parent 9bec0ad14e
commit 5c014aa951
3 changed files with 82 additions and 39 deletions


@ -37,6 +37,13 @@ ldap:
- uniqueMember
- memberUid
# Username attribute. This is used when group member fields contain the '='
# ',' character, in which case the value will be considered a DN and looked up
# in the LDAP. The field specified by this configuration value will be read
# and used as the login name. If this configuration value is not set, the
# first element in the DN will be extracted and used as the username.
username_attribute: uid
# Graylog server info
# --------------------
graylog:
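Review bot: The added comment above `username_attribute` reads "contain the '=' ',' character", which does not say whether a member value must contain both '=' and ',' or only one of them to be treated as a DN; spell out the exact test so operators can predict which `memberUid` or `uniqueMember` values trigger a lookup. The comment should also document what happens when the lookup finds no record or the record lacks the configured attribute (skip the member, fall back to the first DN element, or fail), since that determines which login name is used. Because the sample ships with `username_attribute: uid` active, it is also worth noting in the comment that the first-element fallback applies only when this line is removed or commented out.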