- What Grafana version and what operating system are you using?
11.3.1 in docker on debian 12.8.0
- What are you trying to achieve?
We run 2 samba-AD-domain-controllers, grafana should use both of them as auth backends.
- How are you trying to achieve it?
- provide the 2 separate CA.pems as volume mounts in docker-compose.yml

```yaml
volumes:
  - ./grafana/adc1_ca.pem:/etc/grafana/adc1_ca.pem:ro
  - ./grafana/adc2_ca.pem:/etc/grafana/adc2_ca.pem:ro
```

- 2 sections in ldap.toml, one per AD-DC, pointing to the relevant ca.pem each:

```toml
### ADC1
[[servers]]
host = "adc1.our.tld"
port = 636
use_ssl = true
start_tls = false
ssl_skip_verify = true
root_ca_cert="/etc/grafana/adc1_ca.pem"
### ADC2
[[servers]]
host = "adc2.our.tld"
port = 636
use_ssl = true
start_tls = false
ssl_skip_verify = true
root_ca_cert="/etc/grafana/adc2_ca.pem"
```
- What happened?
Things work for adc2, not for adc1
Connection error
adc1.arbeitsgruppe.ikw-amstetten.at:636
failed to append CA certificate
- What did you expect to happen?
Working connection to both DCs.
Things work when using exactly the same servers with pfSense auth servers (for OpenVPN, for example)
- Did you follow any online instructions? If so, what is the URL?
- question
Is it supported to use 2 separate ca.pems like I try?
Or does the 2nd cert overwrite the first somehow …
I also had both pems in one file. Didn’t work either, although with a different error (I can reconstruct that, if needed).
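
Added example, not part of the original post and not Grafana's own code: a Go check (Grafana is written in Go) that runs a CA file's bytes through the standard library's `AppendCertsFromPEM` and lists the blocks it would skip, on the assumption that the "failed to append CA certificate" message above corresponds to that call returning false. `inspectPEM` and `constructedCA` are hypothetical names, and the CA is generated at run time as constructed sample input.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// inspectPEM counts the blocks in data that parse as X.509 certificates, reports
// whether a CertPool accepts the data, and lists the blocks that are skipped.
func inspectPEM(data []byte) (certs int, poolOK bool, problems []string) {
	for block, rest := pem.Decode(data); block != nil; block, rest = pem.Decode(rest) {
		if block.Type != "CERTIFICATE" || len(block.Headers) != 0 {
			problems = append(problems, "skipped block of type "+block.Type)
		} else if _, err := x509.ParseCertificate(block.Bytes); err != nil {
			problems = append(problems, "unparseable certificate: "+err.Error())
		} else {
			certs++
		}
	}
	return certs, x509.NewCertPool().AppendCertsFromPEM(data), problems
}

// constructedCA builds a throwaway self-signed CA in PEM form (sample input).
func constructedCA(cn string) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	good := constructedCA("constructed-ca")
	block, _ := pem.Decode(good) // block.Bytes is raw DER, i.e. a file without PEM armor
	for _, in := range [][]byte{good, block.Bytes} {
		n, ok, probs := inspectPEM(in)
		fmt.Println(n, ok, probs)
	}
}
```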