Getting Ldap logging working

Grafana Authentication
1

Hi,

I’m trying to configure LDAP without success so far. First of all, I’d like to get an LDAP sign of life when I try to connect. I don’t get any single debug level message in the logs from ldap when I try to connect. Is it normal ?

Running 4.4.3 under windows.

Defaults.ini : untouched

Custom.ini file :

[log]
# Either "console", "file", "syslog". Default is console and  file
# Use space to separate multiple modes, e.g. "console file"
;mode = console file

# Either "trace", "debug", "info", "warn", "error", "critical", default is "info"
level = debug

# optional settings to set different levels for specific loggers. Ex filters = sqlstore:debug
filters = ldap:debug


[auth.ldap]
enabled = true
config_file = D:\Business\grafana-4.3.2\conf\ldap.toml
allow_sign_up = false

log file :

t=2017-08-22T14:21:45+0200 lvl=info msg=“Ldap enabled, reading config file” logger=ldap file=D:\Business\grafana-4.3.2\conf\ldap.toml
t=2017-08-22T14:21:45+0200 lvl=info msg=“Starting plugin search” logger=plugins
t=2017-08-22T14:21:45+0200 lvl=dbug msg=“Checking for updates”
t=2017-08-22T14:21:45+0200 lvl=info msg=“Initializing Alerting” logger=alerting.engine
t=2017-08-22T14:21:45+0200 lvl=info msg=“Initializing CleanUpService” logger=cleanup
t=2017-08-22T14:21:45+0200 lvl=info msg=“Initializing Stream Manager”
t=2017-08-22T14:21:45+0200 lvl=info msg=“Initializing HTTP Server” logger=http.server address=0.0.0.0:8080 protocol=http subUrl= socket=
t=2017-08-22T14:21:46+0200 lvl=dbug msg=“Scheduling update” logger=alerting.scheduler ruleCount=0
t=2017-08-22T14:21:50+0200 lvl=dbug msg=“Looking for App Dashboard Updates” logger=plugins
t=2017-08-22T14:21:56+0200 lvl=dbug msg=“Scheduling update” logger=alerting.scheduler ruleCount=0
t=2017-08-22T14:22:06+0200 lvl=dbug msg=“Scheduling update” logger=alerting.scheduler ruleCount=0
t=2017-08-22T14:22:07+0200 lvl=eror msg=“Invalid username or password” logger=context userId=0 orgId=0 uname= error=“Invalid Username or Password”
t=2017-08-22T14:22:07+0200 lvl=info msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=POST path=/login status=401 remote_addr=[::1] time_ms=21 size=42 referer=http://localhost:8080/login
t=2017-08-22T14:22:07+0200 lvl=info msg=“Request Completed” logger=context userId=0 orgId=0 uname= method=GET path=/api/login/ping status=401 remote_addr=[::1] time_ms=1 size=26 referer=http://localhost:8080/login

thanks for you help!
Vincent

2

You should see something like this when you login in to Grafana via ldap:

image
image2499×57 22.7 KB

(in text form)

DBUG[08-24|11:20:09] Ldap User found                          logger=ldap info="(*login.LdapUserInfo)(0xc42043af50)({\n DN: (string) (len=28) \"cn=tester1,dc=grafana,dc=org\",\n FirstName: (string) \"\",\n LastName: (string) (len=10) \"Testersson\",\n Username: (string) (len=7) \"tester1\",\n Email: (string) \"\",\n MemberOf: ([]string) {\n }\n})\n"
DBUG[08-24|11:20:09] Syncing user info                        logger=ldap username=tester1

I tested with the following config:

[auth.ldap]
enabled = true
config_file = conf/ldap.toml
allow_sign_up = true

[log]
level = debug
filters = ldap:debug
3

Thanks a lot, I did another test session this morning. There is actually no problem.

The thing is when the bind_dn is correct, and when the user is not found in LDAP, there is absolutely no LDAP message from Grafana. I thought there would be at least one showing the unsuccesful LDAP query to find anyone.

To get an ldap message, I have to try logging in with valid user.
And yes I was only testing with non existing users because I configured the “cn” instead of the mail or login !

I should manage by now.
Best regards