Hello all, I have been trying to get AD users mapped to GF, but I have tried many things and am still getting the failures.
t=2020-06-18T15:27:36+0000 lvl=dbug msg="LDAP SearchRequest" logger=ldap searchRequest="&{BaseDN:ou=Netgroup,dc=company,dc=com Scope:2 DerefAliases:0 SizeLimit:0 TimeLimit:0 TypesOnly:false Filter:(|(sAMAccountName=userName)) Attributes:[samaccountname sn mail givenName memberOf] Controls:[]}\n"
t=2020-06-18T15:27:38+0000 lvl=eror msg="No user was found in the LDAP server(s) with that username" logger=context userId=2 orgId=1 uname=userName error="Did not find a user" remote_addr=10.X.X.X
t=2020-06-18T15:27:38+0000 lvl=info msg="Request Completed" logger=context userId=2 orgId=1 uname=userName method=GET path=/api/admin/ldap/userName status=404 remote_addr=10.X.X.X time_ms=1604 size=72 referer=http://grafana:3000/admin/ldap
My config:
[[servers]]
host = "ldap.dalab.company.com"
port = 389
use_ssl = false
start_tls = false
ssl_skip_verify = false
bind_dn = "uid=puser,ou=people,dc=company,dc=com"
bind_password = 'password123!'
search_filter = "(sAMAccountName=%s)"
search_base_dns = ["OU=Company Employees,OU=Company,DC=ad,DC=company,DC=com"]
[servers.attributes]
name = "givenName"
surname = "sn"
username = "samaccountname"
member_of = "memberOf"
email = "mail"
[[servers.group_mappings]]
group_dn = "ou=Netgroup,dc=company,dc=com"
org_role = "Admin"
[[servers.group_mappings]]
group_dn = "ou=Netgroup,dc=company,dc=com"
org_role = "Editor"
[[servers.group_mappings]]
group_dn = "ou=Netgroup,dc=company,dc=com"
org_role = "Viewer"
[[servers.group_mappings]]
group_dn = "*"
org_role = "Viewer"
Here are the AD/LDAP values that one of our SAs gave me:
ldap_id_use_start_tls = True
cache_credentials = True
ldap_search_base = dc=company,dc=com
chpass_provider = ldap
id_provider = ldap
auth_provider = ldap
debug_level = 0
ldap_uri = ${LDAPHost}
ldap_tls_cacertdir = /etc/openldap/cacerts
ldap_tls_reqcert = never
enumerate = true
ldap_netgroup_search_base = ou=Netgroup,dc=company,dc=com
ldap_default_bind_dn = uid=puser,ou=people,dc=company,dc=com
ldap_default_authtok_type = password
ldap_default_authtok = messaging123!
… And here are some more values taken from Graylog3 which is already hooked up to LDAP:
"use_start_tls": false,
"system_password": "55555555555555",
"principal_search_pattern": "(&(objectClass=user)(sAMAccountName={0}))",
"username_attribute": "samaccountname",
"system_password_salt": "555555555",
"system_username": "dev_ro",
"trust_all_certificates": false,
"group_search_base": "DC=ad,DC=company,DC=com",
"default_group": "5be9d43f0aec7ea4b118d90b",
"group_search_pattern": "",
"active_directory": true,
"enabled": true,
"additional_default_groups": [],
"group_id_attribute": "cn",
"search_base": "OU=Company Employees,OU=Company,DC=ad,DC=Company,DC=com",
"group_role_mapping_list": [],
"ldap_uri": "ldap://ldap.lab.company.com:389/"
Can someone PLEASE help me map the values I have to the values needed by the config to make this work?
$50 USD (Paypal) to the one that can help me. I really need to complete this part ASAP. In the end the result must be that we can not only map AD users and add them, but that also we can use the permissions i.e. admin/editor/viewer.
Thanks!
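An added consistency check, not from the post above and not Grafana's own code: it parses the subset of ldap.toml shown in the post and compares it with the BaseDN in the "LDAP SearchRequest" debug line, flagging a search base that does not match search_base_dns, a bind with neither use_ssl nor start_tls, and one group_dn mapped to several roles. The sample config and log fragment are constructed from the post's values, and the hand-rolled parser covers only the TOML subset that file uses.

```python
import re

# Constructed sample (not the post's file): its [[servers]] block trimmed to the keys read below.
SAMPLE_TOML = """
[[servers]]
use_ssl = false
start_tls = false
search_base_dns = ["OU=Company Employees,OU=Company,DC=ad,DC=company,DC=com"]
[servers.attributes]
username = "samaccountname"
[[servers.group_mappings]]
group_dn = "ou=Netgroup,dc=company,dc=com"
org_role = "Admin"
[[servers.group_mappings]]
group_dn = "ou=Netgroup,dc=company,dc=com"
org_role = "Viewer"
"""
# Constructed sample: the BaseDN part of the post's "LDAP SearchRequest" debug line.
SAMPLE_LOG = 'searchRequest="&{BaseDN:ou=Netgroup,dc=company,dc=com Scope:2 Filter:(|(sAMAccountName=userName))}"'

def parse_value(v):  # TOML scalars ldap.toml uses: quoted strings, bools, ints, double-quoted string arrays
    if v.startswith("["):
        return re.findall(r'"([^"]*)"', v)  # split on quotes, not commas, so DNs stay whole
    if v[0] in "\"'":
        return v[1:-1]
    return v == "true" if v in ("true", "false") else int(v)

def parse_servers(text):  # minimal parser for [[servers]] / [servers.x] / [[servers.x]] sections
    servers, target = [], None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if line.startswith("[["):  # array of tables, top-level or nested under the current server
            path, target = line.strip("[]").split("."), {}
            (servers if len(path) == 1 else servers[-1].setdefault(path[-1], [])).append(target)
        elif line[0] == "[":       # plain sub-table such as [servers.attributes]
            target = servers[-1].setdefault(line.strip("[]").split(".")[-1], {})
        else:
            key, _, val = line.partition("=")
            target[key.strip()] = parse_value(val.strip())
    return servers

def check_server(server, log_line):  # findings worth a second look before blaming the directory
    findings = []
    m = re.search(r"BaseDN:(.*?) Scope:", log_line)
    if m and m.group(1).lower() not in [b.lower() for b in server["search_base_dns"]]:
        findings.append(f"log searched BaseDN {m.group(1)!r}, which is not in search_base_dns")
    if not server.get("use_ssl") and not server.get("start_tls"):
        findings.append("bind credentials cross the wire in the clear: neither use_ssl nor start_tls is on")
    roles = {}
    for gm in server.get("group_mappings", []):
        roles.setdefault(gm["group_dn"].lower(), []).append(gm["org_role"])
    findings += [f"group_dn {dn!r} is mapped to several roles {rs}" for dn, rs in roles.items() if len(rs) > 1]
    return findings
```

Run against the constructed sample it reports all three findings; point it at a real ldap.toml and the BaseDN line from a `lvl=dbug` Grafana log to compare what was configured with what was actually searched.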