I am trying to connect to an LDAP server.
LDAP is activated and the ldap.toml file is read; it is posted below.
I did not find any matching issue in the community, only some with "unable to dial LDAP server" with network or cert problems, that were clearly stated in the log.
DEBUG activated for ldap.
grafana.log when trying to log in interactively:
DBUG[01-26|07:47:55] unable to dial LDAP server logger=ldap host=172.22.91.102 port=636 error="unable to read LDAP response packet: unexpected EOF"
t=2021-01-26T07:47:55+0100 lvl=dbug msg="unable to dial LDAP server" logger=ldap host=172.22.91.102 port=636 error="unable to read LDAP response packet: unexpected EOF"
EROR[01-26|07:47:55] Error while trying to authenticate user logger=context userId=0 orgId=0 uname= error="unable to read LDAP response packet: unexpected EOF" remote_addr=192.168.206.4
t=2021-01-26T07:47:55+0100 lvl=eror msg="Error while trying to authenticate user" logger=context userId=0 orgId=0 uname= error="unable to read LDAP response packet: unexpected EOF" remote_addr=192.168.206.4
EROR[01-26|07:47:55] Request Completed logger=context userId=0 orgId=0 uname= method=POST path=/login status=500 remote_addr=192.168.206.4 time_ms=94 size=53 referer=https://172.22.91.74:3000/login
t=2021-01-26T07:47:55+0100 lvl=eror msg="Request Completed" logger=context userId=0 orgId=0 uname= method=POST path=/login status=500 remote_addr=192.168.206.4 time_ms=94 size=53 referer=https://172.22.91.74:3000/login
Network is OK:
→ curl -v telnet://172.22.91.102:636
* Rebuilt URL to: telnet://172.22.91.102:636/
* Trying 172.22.91.102...
* TCP_NODELAY set
* Connected to 172.22.91.102 (172.22.91.102) port 636 (#0)
ldap.toml file:
→ cat /etc/grafana/ldap.toml
[[servers]]
# Ldap server host (specify multiple hosts space separated)
host = "172.22.91.102"
# Default port is 389 or 636 if use_ssl = true
port = 636
# Set to true if LDAP server should use an encrypted TLS connection (either with STARTTLS or LDAPS)
use_ssl = true
# If set to true, use LDAP with STARTTLS instead of LDAPS
start_tls = true
# set to true if you want to skip SSL cert validation
ssl_skip_verify = true
# set to the path to your root CA certificate or leave unset to use system defaults
# root_ca_cert = "/path/to/certificate.crt"
# Authentication against LDAP servers requiring client certificates
# client_cert = "/path/to/client.crt"
# client_key = "/path/to/client.key"
# Search user bind dn
bind_dn = "dc=group,dc=corp"
# Search user bind password
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
#bind_password = 'grafana'
# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
# Allow login from email or username, example "(|(sAMAccountName=%s)(userPrincipalName=%s))"
search_filter = "(cn=%s)"
# An array of base dns to search through
search_base_dns = ["dc=group,dc=corp"]
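
A small Python check of the TLS-related settings in a single [[servers]] block, run on a constructed copy of the values posted above: it flags `start_tls = true` combined with port 636, a pairing in which the StartTLS request reaches a listener expecting a TLS handshake and the connection is typically closed, consistent with the unexpected EOF in the log. This is an added example, not part of the original post and not Grafana's own code. It assumes the conventional port roles (389 for cleartext LDAP or StartTLS, 636 for LDAPS); the function names and finding codes are hypothetical.

```python
import re

# Constructed sample: the transport settings from the ldap.toml posted above.
POSTED = """
[[servers]]
host = "172.22.91.102"
port = 636
use_ssl = true
start_tls = true
ssl_skip_verify = true
"""

LDAP_PORT, LDAPS_PORT = 389, 636  # conventional ports (assumption: server follows them)


def parse_flat(text):
    """Read scalar `key = value` lines of a single [[servers]] block."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r'\s*([A-Za-z_]+)\s*=\s*("[^"]*"|\S+)', line)
        if not m:  # section headers, comments and blank lines
            continue
        val = m.group(2).strip('"')
        cfg[m.group(1)] = {"true": True, "false": False}.get(
            val, int(val) if val.isdigit() else val)
    return cfg


def lint_transport(cfg):
    """Return (code, message) findings for the TLS-related settings."""
    use_ssl = cfg.get("use_ssl", False)
    start_tls = cfg.get("start_tls", False)
    port = cfg.get("port", LDAPS_PORT if use_ssl else LDAP_PORT)
    findings = []
    if not use_ssl:
        findings.append(("plaintext", "use_ssl=false: bind credentials are sent unencrypted"))
    elif start_tls and port == LDAPS_PORT:
        findings.append(("starttls-on-ldaps-port",
                         "start_tls=true sends a cleartext StartTLS request, but 636 "
                         "normally expects a TLS handshake first"))
    elif not start_tls and port == LDAP_PORT:
        findings.append(("ldaps-on-ldap-port",
                         "start_tls=false starts a TLS handshake, but 389 normally "
                         "expects cleartext LDAP or StartTLS"))
    if use_ssl and cfg.get("ssl_skip_verify", False):
        findings.append(("no-cert-verification",
                         "ssl_skip_verify=true: the server certificate is not validated"))
    return findings


if __name__ == "__main__":
    for code, message in lint_transport(parse_flat(POSTED)):
        print(f"{code}: {message}")
```

The two consistent pairings under these assumptions are port 636 with `start_tls = false` (LDAPS) or port 389 with `start_tls = true` (StartTLS), in both cases with `use_ssl = true`.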