Troubleshooting LDAP authentication
Local users and LDAP users

- Make sure that existing local users in Factry Historian/Grafana have a different username than the one used for LDAP authentication.
- If the username of the local user is the same as the LDAP user, then when group mapping is enabled in Factry Historian/Grafana, the permissions (groups of the local user in Factry Historian/Grafana) will be synchronised with LDAP too.

Case sensitivity (capital vs small letters)

- LDAP is case insensitive by default, but that setting can be overwritten in your LDAP server or even per LDAP group.
- Make sure to use the exact same DN in the Factry Historian/Grafana configuration as listed in the LDAP server.

Time out error (Grafana) or grey authentication provider icon (Factry Historian)

Occurs in one of the following cases:

- On saving the LDAP configuration in Factry Historian, the authentication provider icon stays grey (no green nor red).
- In Grafana, a time out error is received.

What to check:

- If the LDAP host is a DNS name, replace it with an IP address or make sure the DNS name can be resolved by the historian server.
- If the LDAP host is an IP address, make sure the IP address can be reached from the historian server.

Red authentication provider icon (Factry Historian)

- Double check the configuration (attention to host and port)!
- Look for an error in Configuration > Application logs and/or get in touch with Factry support.

Root CA certificate, client certificate and client key

Manage files

- Put the files on the historian server.
- Copy the files to a good practice directory and set the according file privileges for the respective users (e.g. the Factry system user needs read rights on these files).

    # Copy the three files into one directory
    cp root_ca_certificate.crt /etc/ssl/factry/
    cp client_certificate.crt /etc/ssl/factry/
    cp client_key.key /etc/ssl/factry/
    cd /etc/ssl/factry
    # Certificates are public (644); the private key is not readable by "other" (640)
    chmod 644 root_ca_certificate.crt
    chmod 644 client_certificate.crt
    chmod 640 client_key.key
    # Owner root, group factry_system_user (placeholder for the Factry system user),
    # so the 640 key stays readable for that user through the group
    chown root:factry_system_user root_ca_certificate.crt
    chown root:factry_system_user client_certificate.crt
    chown root:factry_system_user client_key.key

A helper command to read a certificate as text to see the content:

    openssl x509 -in root_ca_certificate.crt -text -noout

Root CA unreachable from historian server

When the root CA cannot be reached from the historian server, the root CA certificate has to be copied to the historian server and the path added in the LDAP configuration.

Group mapping

Users are not matched against an LDAP subgroup

For a group mapping in Factry Historian/Grafana, the DN configured only grants permissions to the users in the matched LDAP group(s). It does not grant permissions to users in a subgroup of the matched LDAP group(s).

Missing privileges in Factry Historian

If you log out and try to log in with an LDAP user (with a username that does not exist in Factry Historian), an error will be thrown (click the question mark on the error). This means the user is authenticated (login succeeds) but the user is not authorized to do any action (can't see anything) since it's not part of a group in Factry Historian.

To give permissions to the user, there are 2 options:

- Manually manage the groups that the user is part of, see Users & User groups
- Configuring LDAP authentication in Factry Historian
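
The file privileges set under "Manage files" can be re-checked after a certificate renewal or a restore with a small audit script. This is an added example, not part of the Factry documentation; the file names (written with underscores), the directory argument and the group name are assumptions taken from the commands on this page.

```shell
#!/bin/sh
# Added example: audit the TLS files referenced by the LDAP configuration.
# File names and maximum modes mirror the commands above; the directory and
# group are arguments. Requires GNU or BusyBox stat (-c).

# check_mode FILE MAX_MODE: report FILE if it is missing or grants any
# permission bit that MAX_MODE does not. Returns 1 on a finding.
check_mode() {
    file=$1 max=$2
    if [ ! -f "$file" ]; then
        echo "MISSING  $file"; return 1
    fi
    mode=$(stat -c '%a' "$file")              # octal mode, e.g. 640
    excess=$(( 0$mode & ~0$max & 07777 ))     # bits set beyond the maximum
    if [ "$excess" -ne 0 ]; then
        echo "TOO OPEN $file (mode $mode, at most $max expected)"; return 1
    fi
    echo "OK       $file (mode $mode)"
}

# audit_tls_dir DIR [GROUP]: returns the number of findings (0 = clean).
audit_tls_dir() {
    dir=$1 group=${2:-} findings=0
    check_mode "$dir/root_ca_certificate.crt" 644 || findings=$((findings + 1))
    check_mode "$dir/client_certificate.crt"  644 || findings=$((findings + 1))
    # The private key must stay unreadable for "other".
    check_mode "$dir/client_key.key"          640 || findings=$((findings + 1))
    if [ -n "$group" ]; then
        for f in "$dir"/*.crt "$dir"/*.key; do
            [ -f "$f" ] || continue
            owner=$(stat -c '%U:%G' "$f")
            if [ "$owner" != "root:$group" ]; then
                echo "OWNER    $f is $owner, expected root:$group"
                findings=$((findings + 1))
            fi
        done
    fi
    return "$findings"
}

# Usage: audit_tls_dir /etc/ssl/factry factry_system_user
```

A stricter mode than the maximum (for example 600 on the key) passes the mode check; the Factry system user must then be the file owner to keep read access.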