Active Directory Integration with Grafana :
Active Directory (AD) is a database that keeps track of all the user accounts and passwords in your organization. It allows you to store your user accounts and passwords in one protected location, improving your organization's security.
Grafana ships with a strong LDAP integration feature. The LDAP integration in Grafana allows your Grafana users to log in with their LDAP credentials. You can also specify mappings between LDAP group memberships and Grafana organization user roles.
The LDAP configuration file is located at /etc/grafana/ldap.toml. These are the default settings in ldap.toml.
Step 1 :
Change the host (the Active Directory IP) and the port in the ldap.toml file. The default port is 389. Keep it the same if you are not going to use SSL; otherwise use port 636 with SSL.
Create a user in AD and set the password. Refer to the screenshot for the default settings.
After creating the AD account and password, change bind_dn and bind_password as shown in the screenshot.
Note : bind_dn and bind_password are the same as the user credentials on the AD server.
Change the search filter to search_filter = "(sAMAccountName=%s)"
Step 3 :
Locate search_base_dns and change the dc values as given below:
search_base_dns = ["dc=your-domain,dc=com"]
Step 4 :
The next step is to make changes in the [servers.attributes] section.
For Grafana version 4.x.x, change to search_filter = "(sAMAccountName=%s)"
Step 5 :
Save the file with the changes made.
Step 6 :
Restart the service with the following command.
systemctl restart grafana-server.service
Once the service has been restarted, try to log in with AD credentials on the Grafana login page.
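The steps above, put together as one server block for ldap.toml. This is an added example, not part of the original article or of Grafana's shipped file. It shows the plain port 389 setting next to the port 636 SSL alternative mentioned in Step 1, plus the group-to-role mappings mentioned in the introduction. The host address, DNs, group names, CA path and password are placeholders.

```toml
# Added example for /etc/grafana/ldap.toml. All names and paths below are
# placeholders (assumptions), not values from the article.
[[servers]]
host = "192.0.2.10"            # AD domain controller (placeholder address)

# Weak: plain LDAP on 389. The bind password and every user's password
# cross the network unencrypted.
# port = 389
# use_ssl = false

# Corrected: LDAP over SSL on 636 with certificate verification left on.
port = 636
use_ssl = true
start_tls = false              # set to true only when using STARTTLS on port 389
ssl_skip_verify = false        # true would accept any certificate
root_ca_cert = "/etc/grafana/ad-ca.pem"   # placeholder: CA that signed the DC certificate

# Account created in AD for Grafana's bind (placeholder DN and password).
bind_dn = "cn=grafana-bind,cn=Users,dc=your-domain,dc=com"
bind_password = "REPLACE_ME"

search_filter = "(sAMAccountName=%s)"
search_base_dns = ["dc=your-domain,dc=com"]

# AD attribute names that Grafana reads for each user.
[servers.attributes]
name = "givenName"
surname = "sn"
username = "sAMAccountName"
member_of = "memberOf"
email = "mail"

# Map AD groups to Grafana organization roles (placeholder group DNs).
[[servers.group_mappings]]
group_dn = "cn=grafana-admins,ou=Groups,dc=your-domain,dc=com"
org_role = "Admin"

[[servers.group_mappings]]
group_dn = "cn=grafana-editors,ou=Groups,dc=your-domain,dc=com"
org_role = "Editor"

# Any other user who authenticates successfully gets read-only access.
[[servers.group_mappings]]
group_dn = "*"
org_role = "Viewer"
```

Because bind_password is stored in this file, keep ldap.toml readable only by the account that runs grafana-server.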
Points to remember
- The default username and password are both admin.
- If you want, you can change the admin password at first login via the GUI.
- Take a backup of both files, grafana.ini and ldap.toml, before making any changes.