graylog-plugin-ldap

LDAP pipeline function plugin for Graylog


LDAP Pipeline Functions


Version Compatibility

Plugin Version    Graylog Version
1.2.x             3.2.x
>= 1.1.x          3.0.x

Installation

Download the plugin and place the .jar file in your Graylog plugin directory. By default, the plugin directory is the plugins/ folder relative to your graylog-server directory; it can be configured in your graylog.conf file.

Restart graylog-server and you are done.

Configuration

In the configuration tab of Graylog, you will have to provide:

  • LDAP URL
  • Bind user
  • Bind password
  • Cache Heap Size
  • Cache TTL

You may have to change the processor order under "Message Processors Configuration": swap the positions of "Message Filter Chain" and "Pipeline Processor".

Usage

To search by an attribute and display all fields, create a pipeline rule like:

rule "LDAP"
when
  has_field("user_id")
then
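  // Search on the "uid" attribute with the value of user_id; "" returns all fields
  let result_str = LDAP(to_string($message.user_id), "uid", "");
  // Parse the returned key=value string into a map
  let result = key_value(result_str);
  // Add every parsed field to the message with the prefix "LDAP-"
  set_fields(result, "LDAP-");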
end

To run the same search but return only the sn and givenName fields, create a pipeline rule like:

rule "LDAP"
when
  has_field("user_id")
then
  // Same search, but only the sn and givenName fields are returned
  let result_str = LDAP(to_string($message.user_id), "uid", "sn,givenName");
  let result = key_value(result_str);
  set_fields(result, "LDAP-");
end
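
The value of user_id comes from log data, so a rule can restrict it to an expected shape before it is used in a directory search. The two rules below are an added example and not part of the plugin's documentation. The character allow-list, the 64-character limit and the ldap_lookup_skipped field name are assumptions to adapt to your directory; this page does not say whether the plugin escapes LDAP filter characters itself.

```graylog
// Added example: look up only user_id values that match a strict allow-list.
// \\A and \\z anchor the whole input, so a trailing newline does not pass
// the check the way it could with ^ and $.
rule "LDAP lookup (validated user_id)"
when
  has_field("user_id") &&
  regex("\\A[A-Za-z0-9._-]{1,64}\\z", to_string($message.user_id)).matches == true
then
  // Request only the fields that are needed, not every field of the entry
  let result_str = LDAP(to_string($message.user_id), "uid", "sn,givenName");
  let result = key_value(result_str);
  set_fields(result, "LDAP-");
end

// Added example: mark messages whose user_id was rejected, so that unexpected
// values (for example filter metacharacters such as * ( ) \) can be searched
// and alerted on instead of being silently dropped from enrichment.
rule "LDAP lookup skipped (unexpected user_id)"
when
  has_field("user_id") &&
  regex("\\A[A-Za-z0-9._-]{1,64}\\z", to_string($message.user_id)).matches == false
then
  // ldap_lookup_skipped is a hypothetical field name chosen for this example
  set_field("ldap_lookup_skipped", true);
end
```

Place both rules in the same pipeline stage so that every message carrying user_id is handled by exactly one of them.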

Build

This project uses Maven 3 and requires Java 8 or higher.

  • Clone this repository.
  • Run mvn package to build a JAR file.
  • Optional: Run mvn jdeb:jdeb and mvn rpm:rpm to create a DEB and RPM package respectively.
  • Copy the generated JAR file from the target directory to your Graylog plugin directory.
  • Restart Graylog.

License

This plugin is released under version 3.0 of the GNU General Public License.