I am using Grafana v5.1.3 and would like to authenticate my users only via Active Directory LDAP. I enabled the option in the grafana.ini file and made the settings in ldap.toml.

In the grafana.ini file, when I leave the allow_sign_up option as "true", the users can log in normally via LDAP even though they are not registered in the Grafana database. In this case they are created in the Grafana database automatically as Viewer users. However, I would like only authentication via LDAP, with only those users pre-registered in Grafana's database having access. Is it possible?

So I'm trying to change the allow_sign_up option to "false". In this case I create the user with the same name in the Grafana database, but this way the users cannot log in.

This is my ldap.toml file:
```toml
# filters = ldap:debug

[[servers]]
host = "myserver.mydomain.com"
port = 389
use_ssl = false
start_tls = false
ssl_skip_verify = false
bind_dn = "cn=MyCNName,ou=MyOUName,ou=MyOUName,dc=MydomainName,dc=MydomainName"
bind_password = 'mypassword'
search_filter = "(sAMAccountName=%s)"
search_base_dns = ["ou=MyOUName,dc=MydomainName,dc= MydomainName "]

[servers.attributes]
name = "givenName"
surname = "sn"
username = "cn"
member_of = "memberOf"
email = "email"

# Map ldap groups to grafana org roles
[[servers.group_mappings]]
group_dn = "CN= MyCNName,OU= MyOUName,OU= MyCNName,DC= MydomainName,DC= MydomainName "
org_role = "Admin"
# The Grafana organization database id, optional, if left out the default org (id 1)
# will be used
org_id = 1

[[servers.group_mappings]]
group_dn = "CN= MyCNName,OU= MyOUName,OU= MyCNName,DC= MydomainName,DC= MydomainName "
org_role = "Editor"

[[servers.group_mappings]]
# If you want to match all (or no ldap groups) then you can use wildcard
group_dn = "*"
org_role = "Viewer"
```