Hi. I am facing an issue allowing specific LDAP users to use Grafana.
Grafana is logging in fine when I use the search filter below, and I can then log in to the GUI successfully.
search_filter = "(sAMAccountName=%s)"
But we don't want to use the above search_filter because it will allow all users in the company to access the Grafana URL without approval from the management/application team. I tried the search filter below, but it seems Grafana is not passing the correct user to LDAP.
search_filter = "(|(sAMAccountName=user1)(sAMAccountName=user2)(sAMAccountName=user3))"
In the GUI I tried to log in using user2 and got prompted with "Invalid username or password". When I checked the logs, they show the following:
t=2021-05-10T12:01:30+0400 lvl=eror msg="Cannot bind user CN=user3,OU=something,OU=Users,OU=com,DC=corp,DC=xx,DC=ae with LDAP" logger=ldap error="invalid username or password"
The input user in the frontend is user2, but in the logs it is user3. I need help to resolve this. We don’t use a group search filter, as it is a long process to get a user added to a group. So we are trying to filter by specific CN or sAMAccountName from the ldap.toml used by Grafana.
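
Why a login as user2 can end up binding as user3, shown with a small filter evaluator. This is an added example, not part of the original post and not Grafana's code. It assumes Grafana substitutes the typed login name for `%s` in search_filter, so a filter without `%s` returns the same entries for every login; the directory entries, the `example.test` DNs and `user9` are constructed.

```python
# Added example: evaluates the filter subset used here: (&...), (|...), (attr=value).
# DIRECTORY is constructed sample data; user9 stands for an employee who is not approved.
DIRECTORY = [
    {"dn": f"CN={n},OU=Users,DC=example,DC=test", "sAMAccountName": n}
    for n in ("user1", "user2", "user3", "user9")
]

# The allowlist from the post: no %s, so the search never sees the login name.
STATIC_FILTER = "(|(sAMAccountName=user1)(sAMAccountName=user2)(sAMAccountName=user3))"
# The same allowlist ANDed with the %s placeholder.
SCOPED_FILTER = "(&(sAMAccountName=%s)" + STATIC_FILTER + ")"


def parse(flt, i=0):
    """Return (node, next_index) for the filter starting at flt[i]."""
    if flt[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    if flt[i + 1] in "&|":
        op, kids, i = flt[i + 1], [], i + 2
        while flt[i] == "(":
            kid, i = parse(flt, i)
            kids.append(kid)
        if flt[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return (op, kids), i + 1
    end = flt.index(")", i)
    attr, _, value = flt[i + 1:end].partition("=")
    return ("=", attr, value), end + 1


def matches(node, entry):
    if node[0] == "=":  # sAMAccountName compares case-insensitively
        return entry.get(node[1], "").lower() == node[2].lower()
    hits = [matches(kid, entry) for kid in node[1]]
    return all(hits) if node[0] == "&" else any(hits)


def escape(value):
    """RFC 4515 escaping so a typed name cannot change the filter's structure."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in value)


def search(template, login):
    """DNs an LDAP search would return after substituting the login name for %s."""
    tree, _ = parse(template.replace("%s", escape(login)))
    return [e["dn"] for e in DIRECTORY if matches(tree, e)]
```

With `STATIC_FILTER` every login, approved or not, resolves to the same three entries, so the bind can be attempted against a DN that does not belong to the person typing the password. The `SCOPED_FILTER` string is the form that would go in search_filter in ldap.toml.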