LDAP is working, but no permission to datasources

i have a problem with my apache + samba + grafana + influxdb setup.
Grafana and influxdb alone are worked how they should, but now with samba and apache i get a wirred error.
I can create datasouces, but i can’t delete them or request data from it.
LDAP is working like aspected, i can login with the stock grafana admin and also with a SAMBA AD user, which is in a grafana group.
Also my Apache reverse Proxy is working.

thanks in advance

The error which i get from the datasouce page is:


<!DOCTYPE HTML PUBLIC “-//IETF//DTD HTML 2.0//EN”> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don’t have permission to access /api/datasources/1 on this server.<br /> </p> </body></html>

There is no other info or error in the logfile when the error appears on the website.

Here is the log when i log in with a LDAP User:

t=2018-10-15T22:22:27+0200 lvl=info msg=“Request Completed” logger=context userId=2 orgId=1 uname=“Hans Wurst” method=GET path=/logout status=302 remote_addr= time_ms=141 size=29 referer=https://grafana.xyz.dynu.net/datasources/edit/2
t=2018-10-15T22:22:27+0200 lvl=dbug msg=“Scheduling update” logger=alerting.scheduler ruleCount=0
t=2018-10-15T22:22:35+0200 lvl=dbug msg=“Ldap User found” logger=ldap info="(*login.LdapUserInfo)(0xc0003afce0)({\n DN: (string) (len=75) “CN=Hans Wurst,OU=Familie,OU=Benutzer,DC=xyz,DC=dynu,DC=net”,\n FirstName: (string) (len=13) “Hans”,\n LastName: (string) (len=6) “Wurst”,\n Username: (string) (len=20) “Hans Wurst”,\n Email: (string) (len=26) "hans@xyz.dynu.net",\n MemberOf: ([]string) (len=10 cap=16) {\n (string) (len=54) “CN=Domain Admins,CN=Users,DC=xyz,DC=dynu,DC=net”,\n (string) (len=57) “CN=Administrators,CN=Builtin,DC=xyz,DC=dynu,DC=net”,\n (string) (len=62) “CN=Familie,OU=Familie,OU=Benutzer,DC=xyz,DC=dynu,DC=net”,\n (string) (len=65) “CN=pyLoadUsers,OU=Sicherheitsgruppen,DC=xyz,DC=dynu,DC=net”,\n (string) (len=63) “CN=cupsUsers,OU=Sicherheitsgruppen,DC=xyz,DC=dynu,DC=net”,\n (string) (len=68) “CN=nextcloudUsers,OU=Sicherheitsgruppen,DC=xyz,DC=dynu,DC=net”,\n (string) (len=62) “CN=vpnUsers,OU=Sicherheitsgruppen,DC=xyz,DC=dynu,DC=net”,\n (string) (len=95) “CN=Roaming User Profiles Users and Computers,OU=Sicherheitsgruppen,DC=xyz,DC=dynu,DC=net”,\n (string) (len=78) “CN=Folder Redirection Users,OU=Sicherheitsgruppen,DC=xyz,DC=dynu,DC=net”,\n (string) (len=67) “CN=GrafanaAdmins,OU=Sicherheitsgruppen,DC=xyz,DC=dynu,DC=net”\n }\n})\n"

So problem solved.
The error comes from the apache security module, not from grafana.
Now all is working, LDAP + Apache Reverse Proxy.