
On Tue, Oct 13, 2020 at 5:22 PM Dmitry Kharlamov <dukharlamov@cge.ru> wrote:
Many thanks, Didi, Gianluca!
Via Invite + username@ad.domain.name Everything worked out! )))
Is it possible to use a file /etc/grafana/ldap.toml for configure authentication in the Active Directory?
I have no idea, sorry. I think this won't work. Grafana is not configured to use ldap directly, but to use SSO against the engine. If you configure the engine to use ldap, you get "indirect ldap support" also in grafana. If you want separate/different ldap configuration of grafana and the engine, I think nothing prevents you from doing that - see also [1], might be relevant/needed - but then SSO with the engine won't work (but other SSO might work if you configure stuff so - e.g. kerberos - didn't check grafan's support for that, though). To do that, you'll need to configure ldap.toml as you mention, and also set 'enabled = true', which might be overwritten on future engine-setup runs (e.g. for ugprades), until [1] is fixed (and then it's also still not clear what we'll do on upgrades from current to post-[1]. Feel free to comment there if you have concrete ideas). Best regards, [1] https://bugzilla.redhat.com/show_bug.cgi?id=1835177 depends on https://bugzilla.redhat.com/show_bug.cgi?id=1835168 depends on https://github.com/grafana/grafana/issues/17653 -- Didi