Grafana with ldap "Cannot authentificate admin user in LDAP" error

Could someone please help me, I am facing below error of “Cannot authentificate admin user in LDAP” while configuring ldap with grafana. I have enabled it from /etc/grafana/grafana.ini from auth.ldap section. I have also put filters = ldap:debug.

t=2020-05-14T11:14:03+0200 lvl=info msg=“LDAP enabled, reading config file” logger=ldap file=/etc/grafana/ldap.toml
t=2020-05-14T11:14:10+0200 lvl=eror msg=“Cannot authentificate admin user in LDAP” logger=ldap error=“Invalid Username or Password”
t=2020-05-14T11:14:10+0200 lvl=eror msg=“No user was found in the LDAP server(s) with that username” logger=context userId=1 orgId=1 uname=admin error=“Invalid Username or Password” remote_addr=x.x.x.x
t=2020-05-14T11:14:10+0200 lvl=info msg=“Request Completed” logger=context userId=1 orgId=1 uname=admin method=GET path=/api/admin/ldap/test status=404 remote_addr= time_ms=9 size=72 referer=https://x.x.x.x:3000/admin/ldap

enabled = true
config_file = /etc/grafana/ldap.toml
allow_sign_up = true

My /etc/grafana/ldap.toml file looks like

host = “”
port = 636
use_ssl = true
start_tls = false
ssl_skip_verify = true
root_ca_cert = “/etc/ipa/ca.crt”
bind_dn = “cn=admin,dc=data,dc=mmi”
bind_password = ‘xxxxxxxx’
#search_filter = “(cn=%s)”
search_base_dns = [“dc=data,dc=mmi”]
name = “"
surname = "

username = “"
member_of = "

email = “"
group_dn = "

org_role = “Viewer”

I am able to see the user in the same server with sssd client.

[root@grafana1 ~]# getent passwd test
test::381200015:381200015:test surname:/home/test:/bin/sh
[root@grafana1 ~]# getent passwd test@data.mmi
:381200015:381200015:test surname:/home/test:/bin/sh

my sssd file looks like below. The point here to note is the communication is happening with tls and cert file is provided /etc/ipa/ca.crt thats why I also mentioned it in grafana.ini as root_ca_cert.


cache_credentials = True
krb5_store_password_if_offline = True
ipa_domain = data.mmi
id_provider = ipa
auth_provider = ipa
access_provider = ipa
ipa_hostname =
chpass_provider = ipa
dyndns_update = True
ipa_server = srv,,
dyndns_iface = eth0
ldap_tls_cacert = /etc/ipa/ca.crt
services = nss, sudo, pam, ssh

I am able to connect cockroachDB with grafana with below configuration file for datasource and put into /etc/grafana/provisioning/datasource/

apiVersion: 1

  - name: Cockroachdb
    type: postgres
    url: <cockroach haproxy node>:26257
    database: <db name in CockroachDB>
    user: <user name in CockroachDB>
      password: "<passwod of user in CockroachDB>"
      tlsCACert: "<cockroach CA public key path"
      tlsClientCert: "<CockroachDB client public key path>"
      tlsClientKey: "<CockroachDB client private key path>"
      sslmode: "require" # disable/require/verify-ca/verify-full

      maxOpenConns: 0         # Grafana v5.4+
      maxIdleConns: 2         # Grafana v5.4+
      connMaxLifetime: 14400  # Grafana v5.4+
      postgresVersion: 903 # 903=9.3, 904=9.4, 905=9.5, 906=9.6, 1000=10
      timescaledb: false

Also grafana with ldap(s) worked for me below is the config ldap.toml

host = ""
port = 636
use_ssl = true
ssl_skip_verify = true
root_ca_cert = "/etc/ipa/ca.crt"
bind_dn = "uid=admin,cn=users,cn=accounts,dc=xxx,dc=xxx"
bind_password = 'xxxx'
search_filter = "(uid=%s)"

We are good to close this post.