On the Grafana server, open /etc/grafana/ldap.toml
vim /etc/grafana/ldap.toml
We'll pick up the config at bind_dn; everything before this option (host, port, TLS settings) describes the LDAP server itself. Do make sure that part enables TLS (use_ssl = true, or start_tls = true): a simple bind sends the bind password, and every user's password at login, in cleartext otherwise.
To set up the bind DN, use the following format (Active Directory accepts a UPN here). The bind account only needs read access to the directory, and because its password sits in this file in plaintext, keep /etc/grafana/ldap.toml readable by the grafana user only.
bind_dn = "service.ldap@ad.example.com"
bind_password = '*********************'
Set up a search filter. It must contain %s, which Grafana replaces with the (LDAP-escaped) username entered at login; the memberOf clause then restricts logins to members of the three Grafana groups. Mine looks like this (note the group name is Grafana_Viewer, matching the mapping further down):
search_filter = "(&(sAMAccountName=%s)(|(memberOf=CN=Grafana_Admin,OU=Groups,DC=ad,DC=example,DC=com)(memberOf=CN=Grafana_Editor,OU=Groups,DC=ad,DC=example,DC=com)(memberOf=CN=Grafana_Viewer,OU=Groups,DC=ad,DC=example,DC=com)))"
Set the base search DN (Grafana accepts a list here, so more than one container can be searched):
search_base_dn = ["CN=Users,DC=ad,DC=example,DC=com"]
Set servers.attributes to tell Grafana which LDAP attributes to sync into the user's name, username, group list and email. I'm using Windows AD; this is my config:
[servers.attributes]
name = "name"
#surname = "sn"
username = "sAMAccountName"
member_of = "memberOf"
email = "mail"
To set up group mappings, map each org_role to an LDAP group. When a user logs in, Grafana walks the mappings in order and, per org, uses the first group the user is a member of, so list the most privileged group first (as below). A user who passes the search filter but matches none of the mappings is refused.
[[servers.group_mappings]]
group_dn = "CN=Grafana_Admin,OU=Groups,DC=ad,DC=example,DC=com"
org_role = "Admin"
org_id = 1
[[servers.group_mappings]]
group_dn = "CN=Grafana_Editor,OU=Groups,DC=ad,DC=example,DC=com"
org_role = "Editor"
org_id = 1
[[servers.group_mappings]]
group_dn = "CN=Grafana_Viewer,OU=Groups,DC=ad,DC=example,DC=com"
org_role = "Viewer"
org_id = 1
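The mistakes that bite with this file (a search_filter without %s, a group DN misspelt in the filter but not in the mapping, TLS left off, a weaker role listed before a stronger one) are easy to miss by eye, so here is a small pre-deployment lint for ldap.toml. This is an added example, not Grafana's code; the host, port and bind password in the constructed sample are assumptions, and the sample deliberately reproduces the no-%s filter and the Grafana_Viwer typo so the checks have something to find. render_filter shows why the %s placeholder is safe to use: Grafana escapes the login name per RFC 4515 before substituting it, so a crafted username cannot widen the search.

```python
"""Lint a Grafana ldap.toml before it goes live (added example, not Grafana code)."""
import re

try:
    import tomllib  # Python 3.11+
except ModuleNotFoundError:  # older interpreters: pip install tomli
    import tomli as tomllib

GROUPS = "OU=Groups,DC=ad,DC=example,DC=com"
ADMIN, EDITOR, VIEWER = (f"CN=Grafana_{r},{GROUPS}" for r in ("Admin", "Editor", "Viewer"))

# Filter as it first appeared in the post: no %s placeholder, Grafana_Viwer misspelt.
BAD_FILTER = f"(|(memberOf={ADMIN})(memberOf={EDITOR})(memberOf=CN=Grafana_Viwer,{GROUPS}))"
# Corrected filter: match the login name AND require membership of one of the groups.
GOOD_FILTER = f"(&(sAMAccountName=%s)(|(memberOf={ADMIN})(memberOf={EDITOR})(memberOf={VIEWER})))"

# Constructed config modelled on the post; host, port and bind_password are assumptions.
TEMPLATE = """
[[servers]]
host = "dc1.ad.example.com"
port = {port}
use_ssl = {ssl}
bind_dn = "service.ldap@ad.example.com"
bind_password = 'hunter2'
search_filter = "{filter}"
search_base_dn = ["CN=Users,DC=ad,DC=example,DC=com"]

[servers.attributes]
username = "sAMAccountName"
member_of = "memberOf"

[[servers.group_mappings]]
group_dn = "{admin}"
org_role = "Admin"
org_id = 1

[[servers.group_mappings]]
group_dn = "{editor}"
org_role = "Editor"
org_id = 1

[[servers.group_mappings]]
group_dn = "{viewer}"
org_role = "Viewer"
org_id = 1
"""


def build_config(search_filter: str, tls: bool) -> str:
    """Fill the template: 636 with use_ssl when TLS is on, plain 389 otherwise."""
    return TEMPLATE.format(port=636 if tls else 389, ssl=str(tls).lower(),
                           filter=search_filter, admin=ADMIN, editor=EDITOR, viewer=VIEWER)


def load_servers(text: str) -> list:
    return tomllib.loads(text).get("servers", [])


ROLE_RANK = {"Admin": 3, "Editor": 2, "Viewer": 1}
MEMBER_OF = re.compile(r"\(memberOf=([^)]+)\)", re.IGNORECASE)


def check_server(server: dict) -> dict:
    """Return {code: explanation} for one [[servers]] block; empty means clean."""
    problems = {}
    flt = server.get("search_filter", "")
    if "%s" not in flt:
        problems["no-placeholder"] = "search_filter has no %s: the user search ignores the login name"
    if not (server.get("use_ssl") or server.get("start_tls")):
        problems["cleartext"] = "no use_ssl/start_tls: simple bind sends passwords in cleartext"
    mappings = server.get("group_mappings", [])
    in_filter = {dn.lower() for dn in MEMBER_OF.findall(flt)}  # DNs compare case-insensitively
    mapped = {m["group_dn"].lower() for m in mappings if m.get("group_dn") != "*"}
    if in_filter and mapped - in_filter:
        problems["unreachable-mapping"] = "mapped but never admitted by search_filter: " + ", ".join(sorted(mapped - in_filter))
    if in_filter - mapped:
        problems["unmapped-group"] = "admitted by search_filter but mapped to no role: " + ", ".join(sorted(in_filter - mapped))
    # Grafana takes the first matching mapping per org, so a weaker role listed before a
    # stronger one silently demotes users who are in both groups.
    weakest = {}
    for m in mappings:
        org, rank = m.get("org_id", 1), ROLE_RANK.get(m.get("org_role"), 0)
        if rank > weakest.get(org, 99):
            problems["mapping-order"] = f"{m.get('org_role')} mapping for org {org} comes after a weaker role"
        weakest[org] = min(rank, weakest.get(org, 99))
    return problems


def render_filter(template: str, username: str) -> str:
    """Substitute the login name the way Grafana does: %s receives the RFC 4515-escaped
    name, so a value like 'x*)(objectClass=*' cannot widen the search."""
    escaped = "".join(c if c not in "\\*()\0" else "\\%02x" % ord(c) for c in username)
    return template.replace("%s", escaped)


if __name__ == "__main__":
    for label, text in (("as posted", build_config(BAD_FILTER, tls=False)),
                        ("corrected", build_config(GOOD_FILTER, tls=True))):
        print(label, check_server(load_servers(text)[0]) or "OK")
    print(render_filter("(sAMAccountName=%s)", "jdoe*)(objectClass=*"))
```

Run it against your own file with check_server(load_servers(open("/etc/grafana/ldap.toml").read())[0]); an empty dict is the result you want before restarting Grafana. The ordering check only matters when one user is in several mapped groups, but that is exactly the case where a mistake goes unnoticed until an admin finds themself a Viewer.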