#Grafana and ldap users

Hi All,

I'm running nabox 4.0.7. I've added LDAP (AD) configuration in the nabox Web UI and in Grafana I can now successfully lookup on my own username, so all great!

But ... How do I configure Grafana users (or groups)? On the Grafana Users page I can add "Users" or "Organisation users", but there doesn't seem to be any way to specifiy that the user is an LDAP user i.e. not locally defined. What am I missing?

Ideally I had it in mind to map a Grafana Group or Team to our AD Group, so that it would not be necessary to create user records for each user. If you see what I mean.

Thanks in advance!

@plain lichen

Hey Robb, in the NAbox settings page for LDAP, you define the AD groups that are either admins, edotors, or guests, are you looking for something else ?

Hi again, sorry about the delay in responding. So maybe I misunderstood the way this works. Is it enough to configure the access via the nabox UI ... And it is not necessary to do anything with Users in the Grafana UI?

Where can I find log messages related to the ldap authentication process? (It seems that although my user is recognised, I can't login using that name ... so could be good to see some debug/log messages, to try to follow the authentication process)

Yes, NAbox UI should take care of Grafana configuration

You can use Grafana ldap debug tool in the UI, and you can do dc logs -f grafana in NAbox console as well

i'm trying to use ldap too and it seems that search group filter use the same parameter as the user

in the 4.08b

With AD group search filter should be (member:1.2.840.113556.1.4.1941:=%s)

I missed this answer - sorry. Blinded by the sheer number of Discord UI widgets 🙂

Where can I find, or how can I access, the config. file ldap.toml ?

(In 4.0.7). I see in the (grafana) logs references to /etc-nabox/ldap.toml but that path is from within the docker container (I think)

OK, I found it via ssh to nabox: in /etc/nabox/grafana/ldap.toml, mtime 1 hour ago ... looks to be a likely candidate!