Hi,
I have added Active Directory user details to the ldap.toml file and enabled LDAP authentication in the grafana.ini file.
The LDAP connection is established successfully, but it throws an exception in user mapping.
Here is my ldap.toml file:
```toml
# To troubleshoot and get more log info enable ldap debug logging in grafana.ini
# [log]
# filters = ldap:debug

[[servers]]
# Ldap server host (specify multiple hosts space separated)
host = "172.19.10.4"
# Default port is 389 or 636 if use_ssl = true
port = 389
# Set to true if ldap server supports TLS
use_ssl = false
# Set to true if connect ldap server with STARTTLS pattern (create connection in insecure, then upgrade to secure connection with TLS)
start_tls = false
# set to true if you want to skip ssl cert validation
ssl_skip_verify = false
# set to the path to your root CA certificate or leave unset to use system defaults
root_ca_cert = "/path/to/certificate.crt"
# Authentication against LDAP servers requiring client certificates
client_cert = "/path/to/client.crt"
client_key = "/path/to/client.key"

# Search user bind dn
#bind_dn = "cn=Rahul Rawat,ou=Users,dc=example,dc=com"
#bind_dn = "example\%s"
# Search user bind password
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
bind_password = '********'

# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
search_filter = "(sAMAccountName=%s)"

# An array of base dns to search through
search_base_dns = ["dc=example,dc=com"]

# For Posix or LDAP setups that does not support member_of attribute you can define the below settings
# Please check grafana LDAP docs for examples
group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
group_search_base_dns = ["ou=groups,dc=grafana,dc=org"]
group_search_filter_user_attribute = "uid"

# Specify names of the ldap attributes your ldap uses
[servers.attributes]
name = "givenName"
surname = "sn"
username = "sAMAccountName"
member_of = "memberOf"
email = "mail"

# Map ldap groups to grafana org roles
[[servers.group_mappings]]
#group_dn = "cn=vmadmin,ou=groups,dc=example,dc=com"
#org_role = "Admin"
group_dn = "dc=example,dc=com"
org_role = "*"
# To make user an instance admin (Grafana Admin) uncomment line below
grafana_admin = true
# The Grafana organization database id, optional, if left out the default org (id 1) will be used
org_id = 1

[[servers.group_mappings]]
group_dn = "cn=users,dc=example,dc=com"
org_role = "Editor"
```
regards,
Rahul Rawat