Configure client certificate authentication not working

  • What Grafana version and what operating system are you using? 8.3.3

  • What are you trying to achieve? User access to Grafana with certification authentication. I have currently successfully configured Grafana with ldaps and I am able to search for users and attributes. I cannot authenticate a user against our ldap server with certification authentication. I have to create a new user and assign a password to authenticate a new user. It is not using the ldap I configured. But again, I can search via ldap successfully. Please provide some guidance on how I achieve this.

  • How are you trying to achieve it?
    defaults.ini
    [auth.ldap]
    enabled = true
    config_file = /opt/grafana/conf/ldap.conf
    sync_cron = "0 0 1 * * *"
    active_async_enabled = true

ldap.toml
host = ldap host fqdn
port = 636
use_ssl = true
root_ca_cert = "path to ca + cacert.pem"
client_cert = "path to client + cert.pem"
client_key = "path to key/key.pem"
bind_dn = cn server cert
bind_password = 'password of server cert'
search_filter = "(cn%s)"
search_base_dns = ["ou=xxx,ou=xxx,ou=xxx,o=xxx"]
name = "givenname"
surname = "sn"
username = "cn"
memberof = "ismemberof"
email = "internalemail"

  • What happened? I am able to see the user when I use the ldap search feature from the menu. I just cannot authenticate a user via certificate. I can only use username and password. If I try, I get "invalid username or password" in the log.

  • What did you expect to happen? I am hoping to be able to authenticate user via certificate or at a minimum be able to search and apply ldap groups to the teams/folders access.

  • Can you copy/paste the configuration(s) that you are having problems with?

listed above

  • Did you receive any errors in the Grafana UI or in related logs? If so, please tell us exactly what they were. password is required from front menu

  • Did you follow any online instructions? If so, what is the URL? yes…

Configure LDAP Authentication | Grafana documentation

That actually seemed to work…I just don't understand how to configure for certificate authentication.

Also, the goal is to get the user’s ismemberof role to be assigned to a team/file.