Ldap configuration not wroking

Followed same as mentioned in below doc

but not able to authenticate user, tried to enable logs by changing log level to debug in ldap.toml file but i am not able to get logs file in /var/log/grafana

1 Like

@matthewb can u pls look into this

1 Like

You have provided no logs, no info, no steps, no information at all. I’m not sure how you expect me to help when I know nothing about what is going on.

1 Like

this edited in /etc/grafana/grafana.ini

my ldap.toml file

filters = ldap:debug

# Ldap server host (specify multiple hosts space separated)
host = "<my ldap host>"
# Default port is 389 or 636 if use_ssl = true
port = 636
# Set to true if LDAP server should use an encrypted TLS connection (either with STARTTLS or LDAPS)
use_ssl = true
# If set to true, use LDAP with STARTTLS instead of LDAPS
start_tls = false
# set to true if you want to skip ssl cert validation
ssl_skip_verify = false
# set to the path to your root CA certificate or leave unset to use system defaults
# root_ca_cert = "/path/to/certificate.crt"
# Authentication against LDAP servers requiring client certificates
# client_cert = "/path/to/client.crt"
# client_key = "/path/to/client.key"

# Search user bind dn
bind_dn = "cn=<mail>,ou=users,dc=<org>,dc=<my-sso>,dc=com"
# Search user bind password
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
bind_password = '<password>'

# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
search_filter = "(cn=%uid)"

# An array of base dns to search through
search_base_dns = ["dc=<org>,dc=<my-sso>,dc=com"]

## For Posix or LDAP setups that does not support member_of attribute you can define the below settings
## Please check grafana LDAP docs for examples
# group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
# group_search_base_dns = ["ou=groups,dc=grafana,dc=org"]
# group_search_filter_user_attribute = "uid"

# Specify names of the ldap attributes your ldap uses
name = "givenName"
surname = "sn"
username = "cn"
member_of = "memberOf"
email =  "email"

# Map ldap groups to grafana org roles
group_dn = "cn=admins,ou=groups,dc=grafana,dc=org"
org_role = "Admin"
# To make user an instance admin  (Grafana Admin) uncomment line below
# grafana_admin = true
# The Grafana organization database id, optional, if left out the default org (id 1) will be used
# org_id = 1

group_dn = "cn=users,ou=groups,dc=grafana,dc=org"
org_role = "Editor"

# If you want to match all (or no ldap groups) then you can use wildcard
group_dn = "*"
org_role = "Viewer"

Error in ui

Not able to get logs though i enabled debug mode

1 Like

@matthewb Can you pls let me know where am i going wrong
Tried multiple changes to get it working

1 Like

I’m not familiar with LDAP.

1 Like