Saurabh Garg via FreeIPA-users wrote:
Hi,
I am trying to integrate Grafana UI with LDAP running on FreeIPA, version: 4.8.4. Could
you please help me fix the below error:
t=2020-05-05T18:15:26+0000 lvl=info msg="Ldap enabled, reading config file"
logger=ldap file=/etc/grafana/ldap.toml
t=2020-05-05T18:15:26+0000 lvl=eror msg="Error while trying to authenticate
user" logger=context userId=0 orgId=0 uname= error="Failed to get LDAP config:
Failed to load ldap config file: Near line 34 (last key parsed
'servers.search_base_dns'): expected value but found \"cn\"
instead"
t=2020-05-05T18:15:26+0000 lvl=eror msg="Request Completed" logger=context
userId=0 orgId=0 uname= method=POST path=/login status=500 remote_addr=49.206.255.126
time_ms=0 size=53 referer=http://13.52.184.58:3000/login
/etc/grafana/ldap.toml:
##################################################
[[servers]]
host = "10.0.0.1"
port = 389
use_ssl = false
start_tls = false
ssl_skip_verify = false
bind_dn = "uid=binduser,cn=users,cn=accounts,dc=domain,dc=com"
bind_password = 'binduser123'
search_filter = "(uid=%s)"
search_base_dns = [cn=users,cn=accounts,dc=domain,dc=com]
group_search_base_dns = [cn=groups,cn=accounts,dc=domain,dc=com]
[servers.attributes]
name = "givenName"
surname = "sn"
username = "uid"
member_of = "memberOf"
email = "mail"
[[servers.group_mappings]]
group_dn = "cn=grafana-admins,cn=groups,cn=accounts,dc=domain,dc=com"
org_role = "Admin"
[[servers.group_mappings]]
group_dn = "cn=grafana-editors,cn=groups,cn=accounts,dc=domain,dc=com"
org_role = "Editor"
[[servers.group_mappings]]
group_dn = "*"
org_role = "Viewer"
##################################################
Just a wild guess, since I don't know Grafana and you don't seem to have
included the entire file, but for both search_base_dns and
group_search_base_dns you are missing quotes inside the brackets, per
their example at
https://grafana.com/docs/grafana/latest/auth/ldap/
You're probably better off asking this in the Grafana community since
this is purely a configuration file issue and not a problem connecting
to LDAP.
rob