Hi all,
Grafana Version = v8.1.0 (62e720c06b)
I've got this issue with LDAP authentication:
t=2021-08-17T10:59:24+0200 lvl=info msg="LDAP enabled, reading config file" logger=ldap file=/etc/grafana/ldap.toml
t=2021-08-17T10:59:24+0200 lvl=eror msg="Cannot authenticate admin user in LDAP" logger=ldap error="invalid username or password"
t=2021-08-17T10:59:24+0200 lvl=dbug msg="unable to login with LDAP - skipping server" logger=ldap host=[LDAP Server not diplay] port=636 error="invalid username or password"
t=2021-08-17T10:59:24+0200 lvl=eror msg="Invalid username or password" logger=context userId=0 orgId=0 uname= error="invalid username or password" remote_addr=[IP Not display]
My ldap.toml configuration:
[[servers]]
host = "no display host"
port = 636
use_ssl = true
start_tls = false
ssl_skip_verify = true
root_ca_cert = "not display path"
client_cert = "not display path"
client_key = "not display path"
bind_dn = "not display DN"
bin_user = "not display path user"
bind_password = 'not display password'
search_filter = "(cn=%s)"
search_base_dns = ["not display BASE DN"]
group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
group_search_base_dns = ["not display "]
group_search_filter_user_attribute = "samAccountName"
[[servers.group_mappings]]
group_dn = ""
org_role = "Admin"
[[servers.group_mappings]]
group_dn = ""
org_role = "Viewer"
[servers.attributes]
name = "givenName"
surname = "sn"
username = "sAMAccountName"
member_of = "memberOf"
email = "email"
You have to create a service account on your LDAP server with the bind_password to access the LDAP database. Once you have the account/password you need to put it in the file:
bind_dn = "CN=grafana,OU=grafana,DC=test,DC=example,DC=com"
bind_password = 'grafana'
Thanks @allaboutopensource, same issue:
This seems to be an LDAP access/credential issue. Install openldap-clients on the landing Linux machine and then try to authenticate the account user using the ldapbind command:
ldapbind -h myhost -p 389 -D "cn=test" -w test123
This command authenticates user test to the directory server myhost located at port 389, using the password test123.
The user exists because I use it for another web application. Useful for authenticating the LDAP user:
I tested with ldapsearch without success, but it seems to be a bad command:
# extended LDIF
#
# LDAPv3
# base <> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object
text: 0000208D: NameErr: DSID-0310021C, problem 2001 (NO_OBJECT), data 0, best match of:
	''

ldap_bind: Invalid credentials (49)
	additional info: 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 52e, v4563
I have the same problem; we configured the tree correctly and the error we get here is this one.
Our AD is on AWS; we created an application user in AD.