Hash LDAP.toml password

Morning all,

I have configured my LDAP.toml file to authenticate users from my windows server but this means that the password used to authenticate between Grafana and Active Directory is stored in plain text. I have tried to use a python script and calling hashlib to hash the password but then it obviously can not compare my hashed password in LDAP with Active Directory.

Is there a way to store a hashed password for LDAP and still work? This is a security issue and can not have it left as a plain text.

Cheers and thank you.

Figured it out.

The Grafana LDAP instructions seem to be incorrect. Instead of adding bind_dn = “CN=%s” you change it to bind_dn = “domain\%s”.

This allowed me to sync without storing a password in plain text in the LDAP.toml file.

I see that someone has the same issue in Sept 21 and never received a response so hopefully this will help those in the future.

1 Like