Hi. I am trying to configure Grafana to allow both username and email login with LDAP talking to Active Directory.
I’m following the example configuration given here: Configure LDAP authentication | Grafana documentation
I also tried following the example given in the first snippet here:
Specifically this:
# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
# Allow login from email or username, example "(|(sAMAccountName=%s)(userPrincipalName=%s))"
search_filter = "(cn=%s)"
I have tried several values for search_filter (to use both sAMAccountName and userPrincipalName, or sAMAccountName and mail, etc). In all cases, my users can only authenticate via their sAMAccountName and not via any of the email attributes.
This is very frustrating, since the frontpage still says “Email or username” no matter how this is configured. It leads users to attempt logging in with their email address, then ask for help when it does not work.
I even tried editing the static web assets in the container image to change the “Email or username” text, and this did not take effect either. I’ll come back to that part later :}
Does anyone have a working example of how to configure LDAP so that both email and username logins work with AD? This seems like something that should be standardized by now…
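For anyone debugging the same setup, here is an added example (not part of the original post and not Grafana's code) that expands the two filters mentioned above against a constructed AD-style entry and shows which typed login matches which attribute. It assumes every %s is replaced by the RFC 4515-escaped login string; the directory entry, the domain names and the simplified OR-of-equalities matcher are all constructed for illustration.

```python
import re

# Constructed sample entry: the UPN and mail values deliberately differ.
DIRECTORY = [
    {"sAMAccountName": "jdoe",
     "userPrincipalName": "jdoe@corp.example.test",
     "mail": "jane.doe@example.test"},
]

UPN_FILTER = "(|(sAMAccountName=%s)(userPrincipalName=%s))"  # from the sample config
MAIL_FILTER = "(|(sAMAccountName=%s)(mail=%s))"              # variant tried in the post

# One "(attr=value)" equality term; the value may contain \XX escapes.
TERM = re.compile(r"\(([A-Za-z][\w-]*)=((?:[^()\\]|\\[0-9a-fA-F]{2})*)\)")

def escape_filter_value(value):
    """Escape RFC 4515 special characters so the login stays a literal value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def expand(template, login):
    """Replace every %s in the template with the escaped login (assumed behaviour)."""
    return template.replace("%s", escape_filter_value(login))

def unescape(value):
    """Turn \\XX escapes back into the characters they stand for."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def search(template, login, directory=DIRECTORY):
    """Return the sAMAccountName of each entry matching any equality term.
    Simplified matcher: OR of equality terms only, case-insensitive compare."""
    terms = [(a.lower(), unescape(v).lower())
             for a, v in TERM.findall(expand(template, login))]
    hits = []
    for entry in directory:
        attrs = {k.lower(): v.lower() for k, v in entry.items()}
        if any(attrs.get(a) == v for a, v in terms):
            hits.append(entry["sAMAccountName"])
    return hits

if __name__ == "__main__":
    # "*" is included to show that an escaped wildcard matches nothing.
    for login in ("jdoe", "JDoe@corp.example.test", "jane.doe@example.test", "*"):
        print(f"{login!r:28} upn={search(UPN_FILTER, login)} "
              f"mail={search(MAIL_FILTER, login)}")
```

Comparing the expanded filter string with the attribute values actually stored on a test account shows whether the address users type corresponds to userPrincipalName, to mail, or to neither.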