Grafana v8.3.3, CentOS 8.2, Redhat Identity Management LDAP.
LDAP mapping in Grafana is not working. I can log in with an LDAP account and the ‘Test user mapping’ returns a user, but no user information is shown, i.e. no corresponding LDAP attribute for first name, last name etc. Also, the user is not listed in Server Admin > Users (i.e. the user is not sync’d) when logged in, so you can’t do any management on the user.
/etc/grafana/ldap.toml
[server.attributes]
email = "mail"
member_of = "memberOf"
name = "givenName"
surname = "sn"
username = "uid"
[[servers]]
bind_dn = "uid=admin,cn=users,cn=accounts,dc=hpc,dc=uwa,dc=edu,dc=au"
bind_password = "*****"
group_search_base_dns = ["cn=groups,cn=accounts,dc=hpc,dc=uwa,dc=edu,dc=au"]
host = ".hpc.uwa.edu.au"
port = 636
search_base_dns = ["cn=users,cn=accounts,dc=hpc,dc=uwa,dc=edu,dc=au"]
search_filter = "(uid=%s)"
ssl_skip_verify = true
start_tls = false
use_ssl = true
There are no errors in the logs. I just get a "request completed" HTTP 400 entry.
The only slightly non-standard config is anonymous auth and auto_assign to org id = 2:
[auth.anonymous]
enabled = true
org_name = uwa
org_role = Viewer
[users]
allow_sign_up = false
auto_assign_org = true
auto_assign_org_id = 2
Any help appreciated.
tuxem
February 8, 2023, 10:18am
2
forgitit:
[server.attributes]
Same issue here with Docker Grafana 9.3.6. Only 1 LDAP user can log in because Email, Login and Name are empty.
On the AD, users have all mapped attributes.
Grafana LDAP debug logs:
level=debug msg="LDAP users found" users="[{OAuthToken:<nil> AuthModule: ldap AuthId:<myUserDN> UserId: 0 Email: Login: Name: Groups:[<list of users DN groups>] orgRoles:map[1:Admin] IsGrafanaAdmin:0xc02396605 IsDisabled:false}]"
ldap.toml:
[[servers]]
host = <myAD>
port = 636
use_ssl = true
start_tls = false
bind_dn = "DOMAIN\\%S"
search_filter = "(sAMAccountName=%s)"
search_base_dns = [
"dc=domain,dc=tld"
]
group_search_filter = "(member:1.2.840.113556.1.4.1941:=%s)"
group_search_base_dns = [ "dc=domain,dc=tld" ]
group_search_filter_user_attribute = "dn"
[server.attributes]
name = "givenName"
surname = "sn"
username = "cn"
member_of = "memberOf"
email = "mail"
[[servers.group_mapping]]
org_id = 1
group_dn = "CN=<mygroup>,OU=<my-ou>,DC=domain,DC=tld"
org_role = "Admin"
grafana_admin = true
grafana.ini:
[auth.ldap]
enabled = True
config_file = /etc/grafana/ldap.toml
allow_sign_up = True
tuxem
February 8, 2023, 2:22pm
3
FOUUUUND IT!!!
We both misspelled a category: we wrote server.attributes instead of servers.attributes. Yes, look at the ‘s’ missing in servers ^^
This answer just saved my day!
I had been struggling with this for a week, until I came across your post.
Thank you so much for this