Grafana in docker, querying 2 Samba-LDAP-servers

  • What Grafana version and what operating system are you using?

11.3.1 in docker on debian 12.8.0

  • What are you trying to achieve?

We run 2 Samba AD domain controllers; Grafana should use both of them as auth backends.

  • How are you trying to achieve it?

  • provide the 2 separate CA.pems as volume mounts in docker-compose.yml

  volumes: 
      - ./grafana/adc1_ca.pem:/etc/grafana/adc1_ca.pem:ro
      - ./grafana/adc2_ca.pem:/etc/grafana/adc2_ca.pem:ro
  • 2 sections in ldap.toml, one per AD-DC, pointing to the relevant ca.pem each:
### ADC1

[[servers]]
host = "adc1.our.tld"
port = 636
use_ssl = true
start_tls = false
ssl_skip_verify = true

root_ca_cert="/etc/grafana/adc1_ca.pem"

### ADC2

[[servers]]
host = "adc2.our.tld"
port = 636
use_ssl = true
start_tls = false
ssl_skip_verify = true

root_ca_cert="/etc/grafana/adc2_ca.pem"
  • What happened?

Things work for adc2, but not for adc1.

Connection error
adc1.arbeitsgruppe.ikw-amstetten.at:636
failed to append CA certificate
  • What did you expect to happen?

Working connection to both DCs.
Things work when using exactly the same servers with pfSense auth servers (for OpenVPN, for example)

  • Did you follow any online instructions? If so, what is the URL?
  • question

Is it supported to use 2 separate ca.pems the way I am trying to?
Or does the 2nd cert overwrite the first somehow …

I also had both pems in one file. Didn’t work either, although with a different error (I can reconstruct that, if needed).
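
Added example, not part of the original post and not Grafana's own code: a standalone Go check for the files named in `root_ca_cert`. It assumes the "failed to append CA certificate" message corresponds to Go's `x509.CertPool.AppendCertsFromPEM` rejecting the file; `checkCAPEM` and `constructedCA` are hypothetical helper names, and the CA it generates is throwaway sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"time"
)

// checkCAPEM returns the number of usable certificates in data, whether Go's
// CertPool accepts the data, and a note for each block that cannot be used.
func checkCAPEM(data []byte) (certs int, poolOK bool, notes []string) {
	poolOK = x509.NewCertPool().AppendCertsFromPEM(data)
	for block, rest := pem.Decode(data); block != nil; block, rest = pem.Decode(rest) {
		if block.Type != "CERTIFICATE" || len(block.Headers) != 0 {
			notes = append(notes, "skipped block of type "+block.Type)
		} else if _, err := x509.ParseCertificate(block.Bytes); err != nil {
			notes = append(notes, "unparseable certificate: "+err.Error())
		} else {
			certs++
		}
	}
	if certs == 0 {
		notes = append(notes, "no PEM certificate found (DER-encoded or otherwise not PEM?)")
	}
	return
}

// constructedCA builds a throwaway self-signed CA (constructed sample data, not a real CA).
func constructedCA() (der, pemBytes []byte) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed test CA"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true}
	der, _ = x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	return der, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	for _, path := range os.Args[1:] { // CA files to check, e.g. the two mounted PEMs
		data, err := os.ReadFile(path)
		n, ok, notes := checkCAPEM(data)
		fmt.Printf("%s: readErr=%v certs=%d poolOK=%v notes=%q\n", path, err, n, ok, notes)
	}
}
```

Run it against each CA file as seen from inside the container; a file that reports `poolOK=false` would be rejected by the Go certificate pool regardless of how many `[[servers]]` sections reference it.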