LDAP Server Configuration Issue

  • What Grafana version and what operating system are you using?
    Grafana Version 10.2.2

I’m trying to set up LDAP authentication, and it seems the wrong username is being picked up somewhere when trying to authenticate:

logger=ldap t=2024-01-16T02:49:42.536818687Z level=debug msg="LDAP SearchRequest" searchRequest="&{BaseDN:DC=NCCC,DC=COM,DC=TW Scope:2 DerefAliases:0 SizeLimit:0 TimeLimit:0 TypesOnly:false Filter:(|(uid=admin)) Attributes:[cn sn mail uid memberOf] Controls:[]}\n"
logger=ldap t=2024-01-16T02:49:42.537378316Z level=debug msg="unable to login with LDAP - skipping server" host= port=389 error="can't find user in LDAP"
logger=authn.ldap t=2024-01-16T02:49:42.53745022Z level=debug msg="User was not found in the LDAP directory tree" username=admin
logger=authn.password t=2024-01-16T02:49:42.538720394Z level=debug msg="Failed to authenticate password identity" client=ldap error="[identity.not-found] no user found: did not find a user"

It looks like the username is being set to admin, however my /etc/ldap.toml looks like this:

host = ""
port = 389
use_ssl = false
start_tls = false

bind_dn = "cn=root"
bind_password = 'password'

timeout = 10

search_filter = "(uid=%s)"
search_base_dns = ["DC=NCCC,DC=COM,DC=TW"]

name = "uid"
surname = "sn"
username = "cn"
member_of = "memberOf"
email = "mail"

so I’m not sure where the uid=admin is coming from.

my grafana.ini looks like this:

enabled = true
config_file = /etc/grafana/ldap.toml
allow_sign_up = true
check_for_updates = true
url = https://grafana.net
mode = console file
level = debug
filters = ldap:debug
data = /var/lib/grafana/
logs = /var/log/grafana
plugins = /var/lib/grafana/plugins
provisioning = /etc/grafana/provisioning
domain = ''

Any help would be appreciated, thank you!

Any ideas anyone? It seems something is overriding my configuration

Hi @ajhollid,

Welcome to the :grafana: community support forums !!

We are excited that you joined our OSS community. Please read about some of the FAQs in the community :slight_smile:

Did you already check the documentation regarding it i.e.