Grafana SSO LDAP Active Directory


Is it possible to use SSO with Windows LDAP Active Directory?

Not without an HTTP proxy.

A guy said:

I have been able to do SSO by following these steps.

  1. Configuring LDAP with Grafana by following steps in Grafana documentation
  2. Disabling the Grafana login page by using Apache’s auth work together with Grafana’s AuthProxy documentation
  3. Integrating LDAP with Apache for reverse proxy authentication by modifying httpd.conf file as mentioned above
  4. Disabled reverse proxy authentication pop-up by passing username and password into the URL in the script.

With these steps I have been able to get SSO functionality.

How do I configure this? :slight_smile:

```toml
[[servers]]
# Ldap server host (specify multiple hosts space separated)
host = ""
# Default port is 389 or 636 if use_ssl = true
port = 389
# Set to true if ldap server supports TLS
use_ssl = false
# Set to true if connect ldap server with STARTTLS pattern (create connection in insecure, then upgrade to secure connection with TLS)
start_tls = false
# set to true if you want to skip ssl cert validation
ssl_skip_verify = false
# set to the path to your root CA certificate or leave unset to use system defaults
# root_ca_cert = "/path/to/certificate.crt"
# Authentication against LDAP servers requiring client certificates
# client_cert = "/path/to/client.crt"
# client_key = "/path/to/client.key"

# Search user bind dn
bind_dn = "cn=admin,dc=grafana,dc=org"
# Search user bind password
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
bind_password = 'grafana'

# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
# Allow login from email or username, example "(|(sAMAccountName=%s)(userPrincipalName=%s))"
search_filter = "(cn=%s)"

# An array of base dns to search through
search_base_dns = ["dc=grafana,dc=org"]

# group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
# group_search_filter_user_attribute = "distinguishedName"
# group_search_base_dns = ["ou=groups,dc=grafana,dc=org"]

# Specify names of the ldap attributes your ldap uses
[servers.attributes]
name = "givenName"
surname = "sn"
username = "cn"
member_of = "memberOf"
email =  "email"
```

I have this error :slight_smile:
```
lvl=info msg="Ldap enabled, reading config file" logger=ldap file=/etc/grafana/ldap.toml
t=2019-08-05T10:19:08+0200 lvl=info msg="Initial bind failed" logger=ldap error="unable to read LDAP response packet: read tcp X.X.X.X:46326->X.X.X.X:3269: read: connection reset by peer"
```
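
As an added example (not from the thread and not Grafana's own code), this Python lint reads the transport settings of an `ldap.toml` and flags combinations that break or weaken the bind, such as the TLS-only port 3269 seen in the log combined with `use_ssl = false`; the thread does not confirm that this was the cause here. It assumes Grafana applies `start_tls` only when `use_ssl = true`, and the host name and sample config are constructed.

```python
import re

# Assumption (not stated on the page): Grafana dials TLS directly when use_ssl = true,
# upgrades with StartTLS only when use_ssl and start_tls are both true, else stays plaintext.
TLS_PORTS = {636, 3269}    # LDAPS, AD Global Catalog over TLS
PLAIN_PORTS = {389, 3268}  # LDAP, AD Global Catalog (plaintext or StartTLS)

# Constructed sample: port taken from the log line, TLS settings from the posted config.
SAMPLE = """
[[servers]]
host = "dc01.example.org"
port = 3269
use_ssl = false
start_tls = false
"""

def parse_flat_toml(text):
    """Read the scalar `key = value` lines of ldap.toml (not a full TOML parser)."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z_]+)\s*=\s*(.+?)\s*$", line)
        if not m:  # comments, table headers, blank lines
            continue
        key, raw = m.groups()
        if raw in ("true", "false"):
            cfg[key] = raw == "true"
        elif raw.isdigit():
            cfg[key] = int(raw)
        else:
            cfg[key] = raw.strip("\"'")
    return cfg

def lint_transport(cfg):
    """Return findings about how bind and login passwords reach the server."""
    port = cfg.get("port", 389)
    tls, starttls = cfg.get("use_ssl", False), cfg.get("start_tls", False)
    findings = []
    if port in TLS_PORTS and not tls:
        findings.append(f"port {port} expects a TLS handshake first: set use_ssl = true")
    if port in TLS_PORTS and tls and starttls:
        findings.append(f"port {port} is implicit TLS: set start_tls = false")
    if port in PLAIN_PORTS and tls and not starttls:
        findings.append(f"port {port} is not implicit TLS: set start_tls = true or use 636/3269")
    if not tls:
        findings.append("no TLS: bind_password and user passwords cross the network in cleartext")
    if cfg.get("ssl_skip_verify", False):
        findings.append("ssl_skip_verify = true: server certificate is not validated")
    return findings

if __name__ == "__main__":
    for finding in lint_transport(parse_flat_toml(SAMPLE)):
        print("-", finding)
```

Run against the sample, it reports both the port and TLS mismatch and the cleartext bind; switching `use_ssl` to `true` on port 3269 clears both findings.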