In our production environment we have Grafana 6.7 and it’s integrated with RH IdM/FreeIPA servers that manage users and groups in our installation.
We are in the process of upgrading to 7.4. However, the LDAP integration is not working. Obviously we have an identical setup between the two environments and we cannot understand why LDAP authentication fails.
In the 7.4 Grafana, when we log in with the admin user, the list of users is empty (only the admin is present). In 6.7 obviously we can see all the users.
In the /var/log/messages of the 7.4 Grafana we see this:
May 3 12:09:27 grafana01 grafana-server: t=2021-05-03T12:09:27+0200 lvl=info msg="LDAP enabled, reading config file" logger=ldap file=/etc/grafana/ldap.toml
May 3 12:09:27 grafana01 grafana-server: t=2021-05-03T12:09:27+0200 lvl=eror msg="Cannot authenticate admin user in LDAP" logger=ldap error="invalid username or password"
May 3 12:09:27 grafana01 grafana-server: t=2021-05-03T12:09:27+0200 lvl=eror msg="Invalid username or password" logger=context userId=0 orgId=0 uname= error="invalid username or password" remote_addr=10.1.10.7
The IdM logs look like they are not even contacted. No error for either the bind user or the actual user.
So, we have a couple of questions:
- How can we enable debug logging for the LDAP in order to actually see what the error is?
- Has something changed between 6.7 and 7.4 with regard to LDAP authentication?