Login admin ldap auth issue

Hi guys,

Sorry, I had to add a few spaces in links, this forum doesn’t allow me more than 2 links because this is my first post.

I’m having problems with LDAP authentication. First of all I want to say that I’m not the AD admin and my experience with LDAP is low, but I’ve read a lot about it, many guides and the official documentation, but I still have problems.

I’m using Grafana v6.6.2 (3fa63cfc34) on RedHat 7, and I need to integrate Active Directory with Grafana for authentication.

I asked the AD team for a user and a password; they created 3 groups (admin, editor and viewer) and gave me the following information:

  • user
  • password
  • Domain: SomeDomain.net
  • DNS name: SomeDomain.net
  • host (here my doubts start: they told me “we have 7 servers for the domain”).

All IP hosts respond successfully to port 636 with telnet.

I have the following ldap.toml:

```toml
[[servers]]
# Ldap server host (specify multiple hosts space separated)
host = "IP1 IP2 IP3 IP4 IP5 IP6 IP7"   # (before, here I tested with somedomain. net too)
port = 636
use_ssl = true
start_tls = false
ssl_skip_verify = true
# set to the path to your root CA certificate or leave unset to use system defaults
root_ca_cert = "/path/to/certificate.crt"

# Search user bind dn
bind_dn = "usr_grafana"
# Search user bind password
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
bind_password = """K0+?LP2El#x1Aj"""

# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
search_filter = "(cn=usr_grafana)"   # (here I've tested with (cn=%s) and (sAMAccountName=%s))

# An array of base dns to search through
search_base_dns = ["dc=somedomain,dc=net"]

# Specify names of the ldap attributes your ldap uses
[servers.attributes]
name = "givenName"
surname = "sn"
username = "sAMAccountName"
member_of = "memberOf"
email = "email"

# Map ldap groups to grafana org roles
[[servers.group_mappings]]
group_dn = "CN=GroupGrafana_Admin,CN=Users,dc=somedomain,dc=net"
org_role = "Admin"
# The Grafana organization database id, optional, if left out the default org (id 1) will be used
#org_id = 1

[[servers.group_mappings]]
group_dn = "CN=GroupGrafana_Editor,CN=Users,dc=somedomain,dc=net"
org_role = "Editor"

[[servers.group_mappings]]
# If you want to match all (or no ldap groups) then you can use wildcard
group_dn = "CN=GroupGrafana_Viewer,CN=Users,dc=somedomain,dc=net"
org_role = "Viewer"
```

But when I test LDAP from the Grafana LDAP Dashboard I don’t get good results, because I receive an error in the terminal.

```
t=2020-05-26T23:33:04-0500 lvl=eror msg="Cannot authentificate admin user in LDAP" logger=ldap error="Invalid Username or Password"
t=2020-05-26T23:33:04-0500 lvl=eror msg="No user was found in the LDAP server(s) with that username" logger=context userId=1 orgId=1 uname=admin error="Invalid Username or Password"
```

I have auth.ldap enabled in my settings.

| auth.ldap | |
| --- | --- |
| active_sync_enabled | true |
| allow_sign_up | true |
| config_file | /etc/grafana/ldap.toml |
| enabled | true |
| sync_cron | 0 0 1 * * * |

Please guide me if I’m really wrong. I’m trying to understand everything, but I don’t understand why I can’t connect Grafana with AD for authentication. I’ll attach the guide that I’m using.

techexpert.tips/es/grafana-es/autenticacion-ldap-de-grafana-en-active-directory

Thanks!
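As an added example (not part of the original post, and not Grafana's own tooling): a small Python lint that reads a `[[servers]]` entry like the one above and reports the things a reviewer would check before trying the bind again: a `search_filter` without the `%s` placeholder, `ssl_skip_verify = true` next to a `root_ca_cert`, a missing TLS setting, and a `bind_dn` that is not a DN or UPN. The `POSTED_SERVER` dict is a constructed copy of the post's TOML with placeholder hosts and password.

```python
import re

# Constructed copy of the poster's [[servers]] block (hosts and password are placeholders).
POSTED_SERVER = {
    "host": "IP1 IP2 IP3 IP4 IP5 IP6 IP7",
    "port": 636,
    "use_ssl": True,
    "start_tls": False,
    "ssl_skip_verify": True,
    "root_ca_cert": "/path/to/certificate.crt",
    "bind_dn": "usr_grafana",
    "bind_password": "PLACEHOLDER",
    "search_filter": "(cn=usr_grafana)",
    "search_base_dns": ["dc=somedomain,dc=net"],
}

# "cn=svc,ou=x,dc=example,dc=net" style DN and "user@domain" style UPN
DN_RE = re.compile(r"^\w+=[^,]+(,\w+=[^,]+)*$", re.IGNORECASE)
UPN_RE = re.compile(r"^[^@\s]+@[^@\s]+$")


def lint_server(server: dict) -> list:
    """Return human-readable findings for one Grafana LDAP server entry."""
    findings = []

    filt = server.get("search_filter", "")
    if "%s" not in filt:
        findings.append(f"search_filter {filt!r} has no %s placeholder: the login name is "
                        "never substituted, so every login looks up the same fixed entry")

    if server.get("ssl_skip_verify"):
        findings.append("ssl_skip_verify = true disables server certificate validation"
                        + (" and makes root_ca_cert pointless" if server.get("root_ca_cert") else ""))

    if not server.get("use_ssl") and not server.get("start_tls"):
        findings.append("neither use_ssl nor start_tls: the bind password crosses the network in cleartext")

    bind = server.get("bind_dn", "")
    if not (DN_RE.match(bind) or UPN_RE.match(bind) or "\\" in bind):
        findings.append(f"bind_dn {bind!r} is a bare account name; an AD simple bind expects a "
                        "full DN, a UPN (user@domain) or DOMAIN\\user")
    return findings


if __name__ == "__main__":
    for finding in lint_server(POSTED_SERVER):
        print("-", finding)
```

Running it against the posted values yields three findings; the same dict with `search_filter = "(sAMAccountName=%s)"`, `ssl_skip_verify = false` and a UPN or full DN in `bind_dn` yields none.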