On Tue, Aug 4, 2020 at 5:09 PM Dan Yasny ***@***.***> wrote: @amnonh <https://github.com/amnonh> do you know who might have a working LDAP server up and available somewhere? I don't have one and would have to build something (AD? FreeIPA?). Maybe it's better to simply pass the test request t the QA folks, the same ones who test the LDAP integration with Scylla Enterprise — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#1013 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAQFDPYRNTTK2BKIY4EXYQTR7AJALANCNFSM4PTNW73A> .

On Tue, Aug 4, 2020 at 5:56 PM Dan Yasny ***@***.***> wrote: $ docker run --env LDAP_ORGANISATION="Contoso" --env LDAP_DOMAIN="contoso.com" --env LDAP_ADMIN_PASSWORD="Bugaga123" --detach -p 389:389 -p 636:636 --name my-openldap-container osixia/openldap:1.4.0 $ ldapsearch -x -H ldap://172.17.0.1 -b dc=contoso,dc=com -D "cn=admin,dc=contoso,dc=com" -w Bugaga123# extended LDIF## LDAPv3# base <dc=contoso,dc=com> with scope subtree# filter: (objectclass=*)# requesting: ALL# # contoso.com dn: dc=contoso,dc=com objectClass: top objectClass: dcObject objectClass: organization o: Contoso dc: contoso # admin, contoso.com dn: cn=admin,dc=contoso,dc=com objectClass: simpleSecurityObject objectClass: organizationalRole cn: admin description: LDAP administrator userPassword:: e1NTSEF9UUJCbk9jTENCanpNaXlaL0JBaDRmblB4SUt2MmpFeis= # search result search: 2 result: 0 Success # numResponses: 3# numEntries: 2 ## IT WORKS $ cat ldap.toml [[servers]]# Ldap server host (specify multiple hosts space separated) host = "172.17.0.1"# Default port is 389 or 636 if use_ssl = true port = 389# Set to true if LDAP server supports TLS use_ssl = false# Set to true if connect LDAP server with STARTTLS pattern (create connection in insecure, then upgrade to secure connection with TLS) start_tls = false# set to true if you want to skip SSL cert validation ssl_skip_verify = false# set to the path to your root CA certificate or leave unset to use system defaults# root_ca_cert = "/path/to/certificate.crt"# Authentication against LDAP servers requiring client certificates# client_cert = "/path/to/client.crt"# client_key = "/path/to/client.key" # Search user bind dn bind_dn = "cn=admin,dc=contoso,dc=com"# Search user bind password# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;""" bind_password = 'Bugaga123' # User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"# Allow login from email or username, example "(|(sAMAccountName=%s)(userPrincipalName=%s))" search_filter = "(cn=%s)" # An array of base dns to search through search_base_dns = ["dc=contoso,dc=com"] # group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"# group_search_filter_user_attribute = "distinguishedName"# group_search_base_dns = ["ou=groups,dc=grafana,dc=org"] # Specify names of the LDAP attributes your LDAP uses [servers.attributes] name = "givenName" surname = "sn" username = "cn" member_of = "memberOf" email = "email" ./start-all.sh -P $PWD/ldap.toml ## EVERYTHING STARTED Logging into IP:3000 doesn't ask for a password. The users tab in Grafana has no LDAP mentioned [image: image] <https://user-images.githubusercontent.com/787957/89309161-0f87d580-d641-11ea-8205-d1b3d6d3f87e.png> Am I missing something? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#1013 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAQFDP4FCSYN2SDKIFYUBWDR7AORFANCNFSM4PTNW73A> .