Configuring LDAP authentication in Grafana

requirements before starting, make sure you have server admin permissions in grafana (v11 3 0 or higher) and docid\ jhgoacgdowpr5dfb clis configure authentication to configure {{ldap}} authentication in grafana, go to administration > authentication > ldap don't see ldap? the ssosettingsldap feature toggle must be enabled in the grafana ini config file (requires command line access on the grafana server or ask factry support) fill in the ldap connection docid\ jhgoacgdowpr5dfb clis fill in the basic settings don't add ( and ) around the search filter click edit and fill in the advanced settings > extra security measures more information in the grafana guide https //grafana com/docs/grafana/latest/setup grafana/configure security/configure authentication/ldap/ click save & test to verify the configuration if the connection is successful, the configuration should save without errors troubles configuring the authentication? have a look at docid\ wk5ckwzcilsvyy4xxz lh default role if you log out and try to log in with a ldap user (with a username that does not exist in grafana), the user receives the default role in grafana for the default organization (usually viewer , which is set in grafana ini ) to manage permissions of the user, there are 2 options manually assign a role to a user see grafana's https //grafana com/docs/grafana/latest/alerting/set up/configure roles/#assign roles /#configure group mapping via ldap if the ldap user matches a username of an existing user in grafana, that user will be logged in (when skip organization role sync in group mapping is enabled) as opposed to creating a new user configure group mapping perform the following steps to create a user group mapping when group mapping is enabled, a user in grafana can not be manually configured into a user group, since on each login the user will be linked to the user groups matching in ldap to manually assign users to groups in grafana, skip this section go to administration > authentication > ldap make sure to disable the skip organization role sync in the {{ldap}} server, find the {{dn}} of the group(s) with identities (users) you want to give permissions in grafana in grafana, find the org id of the organization for which the user needs to receive permissions go to administration > general > organizations for an overview of the org id's in grafana, add a user group mapping using the dn of the group the group search filter , group search base dns and the group name attribute are optional and to be used if the group dn is set as an attribute of the ldap group rather than the dn itself on saving a group mapping , all the identities (users) in the ldap group(s) matching the given dn will be granted the permissions of the mapped grafana role in the organization with the indicated org id we recommend group mapping in grafana for each role you plan to have grafana admin, admin, editor and viewer test authentication and group mapping when successfully logging in with an ldap user in grafana, the user will be automatically created in grafana (if it does not exist yet) to test the authentication and group mapping log out of grafana log in with your ldap username or e mail (depends on the search filter ) and verify if login succeeds without errors if the correct user groups are applied to the user in grafana troubles configuring the authentication? have a look at docid\ wk5ckwzcilsvyy4xxz lh