Why is my LDAP auth not working?

What Grafana version and what operating system are you using? 12.3 on Docker

  • What are you trying to achieve? Login via Active Directory Account

  • Config: ldap.toml

  #filters = ldap:debug
  [[servers]]
  host = "ldaps://ad.contoso.root.local"
  port = 636
  use_ssl = true
  start_tls = false
  ssl_skip_verify = false
  root_ca_cert = "/etc/ssl/certs/company-ca.crt"
  bind_dn = "CN=usr4LDAPQuery,OU=Service Accounts,DC=contoso,DC=root,DC=local"
  bind_password = "4ldapquery"
  timeout = 25
  search_filter = "(userPrincipalName=%s)"
  search_base_dns = ["DC=contoso,DC=root,DC=local"]

  [servers.attributes]
  name = "givenName"
  surname = "sn"
  username = "sAMAccountName"
  member_of = "memberOf"
  email = "email"

  [[servers.group_mappings]]
  group_dn = "CN=grafana_admin,OU=Groups,DC=contoso,DC=root,DC=local"
  org_role = "Admin"
  grafana_admin = true
  org_id = 1

  [[servers.group_mappings]]
  group_dn = "CN=grafana_view,OU=Groups,DC=contoso,DC=root,DC=local"
  org_role = "Viewer"

Error:

logger=context userId=0 orgId=0 uname= t=2025-11-21T03:31:12.487853467Z level=info msg="Request Completed" method=POST path=/login status=401 remote_addr=10.245.94.129 time_ms=25 duration=25.380171ms size=94 referer=https:// grafana:3000 handler=/login status_source=server errorReason=Unauthorized errorMessageID=password-auth.failed error="failed to authenticate identity: LDAP Result Code 201 "Filter Compile Error": ldap: finished compiling filter with extra at end: serPrincipalName=grafana@contoso.net)\n[identity.not-found] no user found: user not found"
logger=authn.service t=2025-11-21T03:31:12.487580988Z level=info msg="Failed to authenticate request" client=auth.client.form error="[password-auth.failed] failed to authenticate identity: LDAP Result Code 201 "Filter Compile Error": ldap: finished compiling filter with extra at end: serPrincipalName=grafana@contoso.net)\n[identity.not-found] no user found: user not found"

GUI error:

Login failed
Invalid username or password

Why do I think this could be a bug?

The error log contains the following sentence:

ldap: finished compiling filter with extra at end: serPrincipalName=…..

This should actually be UserPrincipalName=…

Username, password and certificate are correct and should be working.

Can somebody help me?