Grafana Version 4 Integration With Active Directory
Grafana Version 4 Integration, AD is a database that keeps track of all the user accounts and passwords in your organization.
It allows you to store your user accounts and passwords in one protected location, improving your organization’s security.
Grafana ships with a strong LDAP integration feature. The LDAP integration in Grafana allows your Grafana users to login with their LDAP credentials. You can also specify mappings between LDAP group memberships and Grafana Organization user roles.
LDAP File is Located at /etc/grafana/ldap.toml. These are the default setting in ldap.toml.
Step 1: We need to change Host(Active Directory IP) and Port in the ldap.toml file. By default, the port will be 389. Keep it the same if you’re not going to use SSL. Otherwise, use port 636 with SSL.
Step 2: Create a user in AD And set the password. Refer to the screenshot for default settings.
After the creation of the AD account and password, change the bind_dn and bind_password as given in the screenshot.
Note: bind_dn and bind_password is the same as user credential in the AD server.
Change the search_filter = “(sAMAccountName=%s)”
Step 3: Locate search_base_dns and change the dc values as given below
search_base_dns = [“dc=your-domain,dc=com”]
Step 4: Next step is to make changes in Servers.Attributes
In case of Grafana version 4.x.x, Change to Search_filter = “(sAMAccountName=%s)”
Step 5: Save the file with the changes made.
Step 6: Restart the service with the following commands.
systemctl restart grafana-server.service
Once service has been restarted, try to login with AD credentials on the Grafana login page.
Point to remember
- The default user and password will be admin.
- If you want you can change the admin password at first login via GUI.
- Take a backup of both files grafana.ini and ldap.toml before making any changes.