Yes, Active Directory (LDAP) integration for the Wazuh dashboard login is fully supported and works well for authentication and access control.
Start with the basics: Set up your LDAP server like Active Directory with user and group sections, a bind account for queries, and the server's full name. Use or create folders for users and groups, and note their key identifiers.
If you lack the main security certificate, get it with a simple OpenSSL command connecting to your server on port 636. Save it in the Wazuh indexer's security folder and assign proper ownership.
Update the config file in the indexer's security area to add LDAP details for login and permissions, like server address, bind info, and user search rules (use username fields for AD).
Apply the updates using the securityadmin script on the indexer to load the new settings.
For permissions, update the roles file to link your AD groups, such as "Administrator," to Wazuh roles like full access. Run the script again to activate these links.
If needed, add more role ties in the dashboard's security menu via the web interface, then restart the dashboard service.
Test by logging in with an AD account from your group. If it works, you're set; otherwise, check the logs for hints. See the Wazuh LDAP guide for full steps. For more details, please refer to the attached document.
Ref: https://documentation.wazuh.com/current/user-manual/user-administration/ldap.html
Let me know if you encounter any issues while following the documentation; we can assist you further.
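The configuration steps described above, as an added example that is not part of the original reply or of Wazuh's shipped files: a sketch of the LDAP sections in the OpenSearch security plugin format used by the Wazuh indexer, with certificate and hostname verification enabled, followed by the group-to-role mapping. The host name, DNs, search bases and `<...>` values are placeholders; only the "Administrator" group and the full-access role come from the post.

```yaml
# Added example; hosts, DNs and <...> values are placeholders, not from the original post.
# Fragment 1: LDAP sections of the indexer security config file.
config:
  dynamic:
    authc:
      ldap:
        http_enabled: true
        transport_enabled: false
        order: 5
        http_authenticator:
          type: basic
          challenge: false
        authentication_backend:
          type: ldap
          config:
            enable_ssl: true          # false would send bind and user passwords unencrypted
            verify_hostnames: true    # false would accept a certificate issued for another host
            pemtrustedcas_filepath: "<PATH_TO_SAVED_CA_CERT>"
            hosts:
              - "dc01.example.internal:636"   # name must match the server certificate
            bind_dn: "CN=svc-wazuh-bind,OU=Service Accounts,DC=example,DC=internal"  # read-only account
            password: "<BIND_PASSWORD>"
            userbase: "OU=Users,DC=example,DC=internal"
            usersearch: "(sAMAccountName={0})"   # AD logon name as the username field
    authz:
      roles_from_ad:
        http_enabled: true
        transport_enabled: false
        authorization_backend:
          type: ldap
          config:
            enable_ssl: true
            verify_hostnames: true
            pemtrustedcas_filepath: "<PATH_TO_SAVED_CA_CERT>"
            hosts:
              - "dc01.example.internal:636"
            bind_dn: "CN=svc-wazuh-bind,OU=Service Accounts,DC=example,DC=internal"
            password: "<BIND_PASSWORD>"
            rolebase: "OU=Groups,DC=example,DC=internal"
            rolesearch: "(member={0})"   # groups that list the user's DN as a member
            rolename: cn                 # group CN becomes the backend role name
            userbase: "OU=Users,DC=example,DC=internal"
            usersearch: "(sAMAccountName={0})"
---
# Fragment 2: roles mapping file, linking the AD group to the full-access role.
all_access:
  backend_roles:
    - "admin"           # keep whatever entries the file already lists
    - "Administrator"   # AD group CN, as returned by rolename above
```

Before pointing `pemtrustedcas_filepath` at a certificate fetched over the network, compare its fingerprint with the value supplied by the directory administrators, since a certificate pulled from port 636 is only as trustworthy as that first connection.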