LDAP Debug Logging Grafana 5.0.3

I am struggling with ldap auth.

However, when I turn on filter = ldap:debug I get no additional logging for the ldap auth. When I do tcpdump -n port 636 I see that grafana is trying to talk to the ldap-server. But no loglines appear in /var/log/grafana.log.

So it seems the ldap verbose logging does not work any more. I have also tried verbose_logging = 1 and true in ldap.toml, no additional loglines show up either.

Is this a typo here or is that what you have in your ini file? Should be an s after filter.

These are my ini settings for logging:

[log]
mode = console
filters = ldap:debug

When you attempt to log in with a user then you should either see the following in your logs:

DBUG[03-28|17:24:09] Ldap User found                          logger=ldap info="(*login.LdapUserInfo)(0xc4203069a0)({\n DN: (string) (len=28) \"cn=tester1,dc=grafana,dc=org\",\n FirstName: (string) \"\",\n LastName: (string) (len=10) \"Testersson\",\n Username: (string) (len=7) \"tester1\",\n Email: (string) \"\",\n MemberOf: ([]string) {\n }\n})\n"
DBUG[03-28|17:24:09] Syncing user info                        logger=ldap username=tester1

or if it fails (incorrect password):

DBUG[03-28|17:33:47] Ldap User found                          logger=ldap info="(*login.LdapUserInfo)(0xc4203c53b0)({\n DN: (string) (len=28) \"cn=tester1,dc=grafana,dc=org\",\n FirstName: (string) \"\",\n LastName: (string) (len=10) \"Testersson\",\n Username: (string) (len=7) \"tester1\",\n Email: (string) \"\",\n MemberOf: ([]string) {\n }\n})\n"
INFO[03-28|17:33:47] Second bind failed                       logger=ldap error="LDAP Result Code 49 \"Invalid Credentials\": "
EROR[03-28|17:33:47] Invalid username or password             logger=context userId=0 orgId=1 uname= error="Invalid Username or Password"
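The `logger=ldap` lines quoted above can be summarised per user with a short script. This is an added example, not part of the original thread or Grafana's own code. The sample lines are constructed (shortened from the output in this thread), and treating "Syncing user info" as a login that passed the bind is an assumption taken from the first sample.

```python
import re
from collections import Counter

# Line layout as shown in the thread: LVL[MM-DD|HH:MM:SS] message  logger=name key=value...
LINE = re.compile(r'^([A-Z]{4})\[([\d|:-]+)\]\s+(.*?)\s+logger=(\S+)\s*(.*)$')
# Username field inside the escaped info="..." dump of "Ldap User found"
USERNAME = re.compile(r'Username: \(string\) (?:\(len=\d+\) )?\\"([^"\\]*)\\"')
RESULT_CODE = re.compile(r'LDAP Result Code (\d+)')
SYNC_USER = re.compile(r'username=(\S+)')

def summarize(lines):
    """Return (failed_binds, passed_binds, ldap_lines_seen) for Grafana log lines."""
    failed, passed = Counter(), Counter()
    pending = None  # user named by the most recent "Ldap User found"
    seen = 0
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m or m.group(4) != "ldap":
            continue  # other loggers (e.g. logger=context) carry no LDAP detail
        seen += 1
        msg, rest = m.group(3), m.group(5)
        if msg == "Ldap User found":
            u = USERNAME.search(rest)
            pending = u.group(1) if u else None
        elif msg == "Second bind failed":
            code = RESULT_CODE.search(rest)
            if code and code.group(1) == "49":  # 49 = Invalid Credentials
                failed[pending or "<unknown>"] += 1
            pending = None
        elif msg == "Syncing user info":  # assumption: bind succeeded
            u = SYNC_USER.search(rest)
            passed[u.group(1) if u else (pending or "<unknown>")] += 1
            pending = None
    return failed, passed, seen

# Constructed sample, shortened from the log lines quoted in this thread.
SAMPLE = r'''
DBUG[03-28|17:24:09] Ldap User found                          logger=ldap info="(*login.LdapUserInfo)({\n Username: (string) (len=7) \"tester1\",\n})\n"
DBUG[03-28|17:24:09] Syncing user info                        logger=ldap username=tester1
DBUG[03-28|17:33:47] Ldap User found                          logger=ldap info="(*login.LdapUserInfo)({\n Username: (string) (len=7) \"tester1\",\n})\n"
INFO[03-28|17:33:47] Second bind failed                       logger=ldap error="LDAP Result Code 49 \"Invalid Credentials\": "
EROR[03-28|17:33:47] Invalid username or password             logger=context userId=0 orgId=1 uname= error="Invalid Username or Password"
'''.strip().splitlines()

if __name__ == "__main__":
    failed, passed, seen = summarize(SAMPLE)
    # seen == 0 is not proof the filter is off: later in this thread, nothing
    # was logged until the user existed in LDAP.
    print("ldap lines:", seen, "failed:", dict(failed), "passed:", dict(passed))
```
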

I have this in my log file (copied and pasted now, I wrote it in my initial post).

And I get no ldap-logging.

[log]
mode = console file
level = info
filters = ldap:debug

And just to double check - did you restart Grafana after changing the ini file?

Are there any errors in the logs when starting Grafana?

Yes, I restarted.

It seems that it will not log anything unless the user is present in ldap.

I got a log line now, thanks for the help.

And now I also got the ldap + groupmapping to work correctly with our ldap-server.

I know this part of Grafana isn’t great. We have someone working on improving the LDAP support right now and those changes should be coming in the 5.1 or 5.2 release. Anyway - great to hear you got it working.

Hello,

I have no debug messages in the logs, but the “only” LDAP activity on my installation seems to be when registering the user. Registration goes well without any issue, but when users change their LDAP password, the only valid password for Grafana remains the one that was valid at registration time.

This is really strange as Grafana itself shows all the messages saying this is an LDAP user, blah blah…

Regards,
Arnaud