LDAP configuration not working

Hi,
I followed the steps mentioned in the doc below

but I am not able to authenticate the user. I tried to enable logs by changing the log level to debug in the ldap.toml file, but I am not able to get a log file in /var/log/grafana.

@matthewb can you please look into this?

@Kotha_Sambashiva_Rao,
You have provided no logs, no info, no steps, no information at all. I’m not sure how you expect me to help when I know nothing about what is going on.

@matthewb
I edited this in /etc/grafana/grafana.ini
image

My ldap.toml file:

[log]
filters = ldap:debug

[[servers]]
# Ldap server host (specify multiple hosts space separated)
host = "<my ldap host>"
# Default port is 389 or 636 if use_ssl = true
port = 636
# Set to true if LDAP server should use an encrypted TLS connection (either with STARTTLS or LDAPS)
use_ssl = true
# If set to true, use LDAP with STARTTLS instead of LDAPS
start_tls = false
# set to true if you want to skip ssl cert validation
ssl_skip_verify = false
# set to the path to your root CA certificate or leave unset to use system defaults
# root_ca_cert = "/path/to/certificate.crt"
# Authentication against LDAP servers requiring client certificates
# client_cert = "/path/to/client.crt"
# client_key = "/path/to/client.key"

# Search user bind dn
bind_dn = "cn=<mail>,ou=users,dc=<org>,dc=<my-sso>,dc=com"
# Search user bind password
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
bind_password = '<password>'

# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
search_filter = "(cn=%uid)"

# An array of base dns to search through
search_base_dns = ["dc=<org>,dc=<my-sso>,dc=com"]

## For Posix or LDAP setups that does not support member_of attribute you can define the below settings
## Please check grafana LDAP docs for examples
# group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
# group_search_base_dns = ["ou=groups,dc=grafana,dc=org"]
# group_search_filter_user_attribute = "uid"

# Specify names of the ldap attributes your ldap uses
[servers.attributes]
name = "givenName"
surname = "sn"
username = "cn"
member_of = "memberOf"
email =  "email"

# Map ldap groups to grafana org roles
[[servers.group_mappings]]
group_dn = "cn=admins,ou=groups,dc=grafana,dc=org"
org_role = "Admin"
# To make user an instance admin  (Grafana Admin) uncomment line below
# grafana_admin = true
# The Grafana organization database id, optional, if left out the default org (id 1) will be used
# org_id = 1

[[servers.group_mappings]]
group_dn = "cn=users,ou=groups,dc=grafana,dc=org"
org_role = "Editor"

[[servers.group_mappings]]
# If you want to match all (or no ldap groups) then you can use wildcard
group_dn = "*"
org_role = "Viewer"

Error in UI
image

Not able to get logs though I enabled debug mode

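Added example, not part of any post in this thread and not Grafana's own code: a small lint pass over an ldap.toml like the one posted above. The function name `lint_ldap_toml` and the finding codes are hypothetical; the rules assume Grafana's documented behaviour that LDAP debug logging is enabled with `[log] filters = ldap:debug` in grafana.ini, and that `search_filter` uses `%s` as the placeholder for the login name, as the sample comment in the file itself shows.

```python
import re

# Constructed sample: the lines of the posted ldap.toml that the checks act on.
SAMPLE = '''\
[log]
filters = ldap:debug

[[servers]]
ssl_skip_verify = false
search_filter = "(cn=%uid)"
'''

KEY_VALUE = re.compile(r'^\s*([A-Za-z0-9_.-]+)\s*=\s*(.*?)\s*$')
# Values TOML accepts without quotes: booleans and plain numbers.
BARE_OK = re.compile(r'^(true|false|[+-]?\d[\d_]*(\.\d+)?)$')


def lint_ldap_toml(text):
    """Return (line_no, code, message) findings for a Grafana ldap.toml."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        if line == '[log]':
            findings.append((no, 'log-section',
                             'log filters are a grafana.ini setting, not an ldap.toml one'))
            continue
        m = KEY_VALUE.match(line)
        if not m:
            continue  # table headers such as [[servers]]
        key, value = m.groups()
        if value[:1] not in ('"', "'", '[', '{'):
            value = value.split('#', 1)[0].strip()  # drop a trailing comment
            if not BARE_OK.match(value):
                findings.append((no, 'unquoted-value',
                                 f'{key}: string values must be quoted in TOML'))
        if key == 'search_filter' and '%s' not in value:
            findings.append((no, 'search-filter-placeholder',
                             'search_filter has no %s for the login name'))
        if key == 'ssl_skip_verify' and value == 'true':
            findings.append((no, 'tls-verify-off',
                             'server certificate validation is disabled'))
    return findings


if __name__ == '__main__':
    for no, code, message in lint_ldap_toml(SAMPLE):
        print(f'line {no}: {code}: {message}')
```
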

@matthewb Can you please let me know where I am going wrong?
I tried multiple changes to get it working.

I’m not familiar with LDAP.