LDAP Authentication failure using SSL

Hi,

I'm having issues with AD LDAP authentication for the Grafana open-source version.
Error:
t=2020-03-20T04:46:25-0400 lvl=dbug msg="unable to dial LDAP server" logger=ldap host=capos0a000142 port=3269 error="LDAP Result Code 200 "Network Error": read tcp 10.193.86.14:59540->10.193.89.11:3269: read: connection reset by peer"
t=2020-03-20T04:46:25-0400 lvl=eror msg="Error while trying to authenticate user" logger=context userId=0 orgId=0 uname= error="LDAP Result Code 200 "Network Error": read tcp 10.193.86.14:59540->10.193.89.11:3269: read: connection reset by peer"

A few facts:

Source Grafana server:

  • Grafana Version 6.5.1 (commit: 1763a0f, branch: HEAD)
  • the authentication WORKS using port 389 (no SSL)
  • the relevant communication over the AD GC SSL port (3269) is open
  • used the server name and the IP as the host, with the same result (not working)
  • grafana.ini
    [auth.ldap]
    enabled = true
    config_file = /etc/grafana/ldap.toml
    allow_sign_up = true
    level = debug
  • ldap.toml:
    [[servers]]
    host = "nameofthehost"
    port = 3269
    use_ssl = true
    start_tls = false
    ssl_skip_verify = true
    bind_dn = "cn=srv_grafana,ou=Service Accounts,ou=SHD2,dc=shd2,dc=lan"
    search_filter = "(sAMAccountName=%s)"
    search_base_dns = ["dc=clickfoxshd2,dc=lan"]
    [servers.attributes]
    name = "givenName"
    surname = "sn"
    username = "sAMAccountName"
    member_of = "memberOf"
    # Active Directory stores the address in the "mail" attribute, not "email"
    email = "mail"
    [[servers.group_mappings]]
    group_dn = "cn=admins,ou=groups,dc=grafana,dc=org"
    org_role = "Admin"
    [[servers.group_mappings]]
    group_dn = "cn=g-grafana-admins,ou=Groups,ou=SHD2,dc=shd2,dc=lan"
    org_role = "Admin"
    [[servers.group_mappings]]
    group_dn = "cn=g-grafana-viewers,ou=Groups,ou=SHD2,dc=shd2,dc=lan"
    org_role = "Viewer"
  • openssl to the target server works on ports 636 and 3269
  • no certificates involved
  • the same Grafana configuration works in the DEV environment

Source AD server:

  • ldp.exe on ports 389, 636 and 3269 works fine using the server name or localhost
  • the same Grafana configuration works in the DEV environment
  • cannot find any significant errors in the event logs
  • the same situation when using the 2nd AD server

Any suggestions are highly appreciated!
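When openssl s_client completes a handshake on 3269 but Grafana's LDAP client (Go code built on crypto/tls) gets its connection reset, a useful next step is to reproduce the Go side of the handshake outside Grafana and see what it negotiates (TLS version, cipher suite, server certificate). The program below is an added example written for this page; it is not code from the original post or from the Grafana project. It mirrors the relevant ldap.toml settings (use_ssl = true, ssl_skip_verify = true maps to InsecureSkipVerify) and, so that it runs offline, it also starts a stand-in TLS server on 127.0.0.1 with a throwaway self-signed certificate. The stand-in server, the name gc.example.test and the ProbeTLS/StartStandInServer helpers are assumptions for the demonstration; to probe the real global catalog, replace the address with nameofthehost:3269 and the server name with the host from ldap.toml. The second probe deliberately limits the client to TLS 1.0/1.1 against a TLS 1.2+ server to show how a version mismatch surfaces as a handshake error rather than a clean LDAP failure.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// ProbeResult records what the TLS layer negotiated (hypothetical type for this example).
type ProbeResult struct {
	Version     uint16
	CipherSuite uint16
	Subject     string // subject of the leaf certificate the server presented
}

// ProbeTLS performs the same kind of handshake Grafana's LDAP client performs for
// use_ssl = true: a crypto/tls dial, with InsecureSkipVerify standing in for
// ssl_skip_verify. It returns the negotiated parameters or the handshake error.
func ProbeTLS(addr, serverName string, skipVerify bool, minVersion, maxVersion uint16) (ProbeResult, error) {
	cfg := &tls.Config{
		ServerName:         serverName, // SNI; Go sends none when the host is a bare IP
		InsecureSkipVerify: skipVerify,
		MinVersion:         minVersion,
		MaxVersion:         maxVersion,
	}
	dialer := &net.Dialer{Timeout: 5 * time.Second}
	conn, err := tls.DialWithDialer(dialer, "tcp", addr, cfg)
	if err != nil {
		return ProbeResult{}, fmt.Errorf("TLS handshake with %s failed: %w", addr, err)
	}
	defer conn.Close()
	st := conn.ConnectionState()
	res := ProbeResult{Version: st.Version, CipherSuite: st.CipherSuite}
	if len(st.PeerCertificates) > 0 {
		res.Subject = st.PeerCertificates[0].Subject.String()
	}
	return res, nil
}

// selfSignedCert builds a throwaway certificate for the local stand-in server.
func selfSignedCert(cn string) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		DNSNames:     []string{cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, nil
}

// StartStandInServer listens on a random loopback port with the given TLS version
// bounds, completes the handshake for each client and closes the connection.
// It stands in for the AD global catalog only as far as the TLS layer is concerned.
func StartStandInServer(minVersion, maxVersion uint16) (string, error) {
	cert, err := selfSignedCert("gc.example.test")
	if err != nil {
		return "", err
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{cert},
		MinVersion:   minVersion,
		MaxVersion:   maxVersion,
	})
	if err != nil {
		return "", err
	}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return
			}
			go func(c net.Conn) {
				defer c.Close()
				if tc, ok := c.(*tls.Conn); ok {
					_ = tc.Handshake() // a version or cipher mismatch fails here
				}
			}(c)
		}
	}()
	return ln.Addr().String(), nil
}

func main() {
	addr, err := StartStandInServer(tls.VersionTLS12, tls.VersionTLS13)
	if err != nil {
		panic(err)
	}
	probes := []struct {
		label    string
		min, max uint16
	}{
		{"TLS 1.2-1.3", tls.VersionTLS12, tls.VersionTLS13},
		{"TLS 1.0-1.1", tls.VersionTLS10, tls.VersionTLS11}, // expected to fail
	}
	for _, p := range probes {
		res, err := ProbeTLS(addr, "gc.example.test", true, p.min, p.max)
		if err != nil {
			fmt.Printf("%-12s handshake failed: %v\n", p.label, err)
			continue
		}
		fmt.Printf("%-12s ok: version=0x%04x suite=%s subject=%s\n",
			p.label, res.Version, tls.CipherSuiteName(res.CipherSuite), res.Subject)
	}
}
```

A handshake that succeeds here with ssl_skip_verify semantics but fails with skipVerify set to false tells you the problem is certificate validation; a handshake that fails in both modes while openssl s_client succeeds points at what the two clients offer differently (protocol versions, cipher suites, SNI), which is where to look next on the AD side.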