问题
I am trying to add single sign on for grafana using LDAP, I have come across Grafana documentation for LDAP but I did not understand.
Can I get Single Sign On feature using LDAP?
If yes, Can somebody give me a step by step procedure to follow to setup single sign on using ldap and grafana.
Grafana Version : 5.2.1 OS: WINDOWS
Update 1
I have been able to configure LDAP with grafana. Now I'm trying to integrate LDAP with wamp for SSO. In apache error log file I'm getting this error
auth_ldap authenticate: user username authentication failed; URI /grafana/ [LDAP: ldap_simple_bind() failed][Invalid DN Syntax]
.
My apache config file.
<VirtualHost *:80>
ServerName localhost
RewriteEngine on
ErrorLog "logs/authproxy-error_log"
CustomLog "logs/authproxy-access_log" common
<Location "/grafana/">
LDAPReferrals off
AuthType Basic
AuthName GrafanaAuthProxy
AuthBasicProvider ldap
AuthLDAPURL "ldap://localhost:389/dc=maxcrc,dc=com?cn,ou?sub"
AuthLDAPBindDN "cn=Manager,dc=maxcrc,dc=com"
AuthLDAPBindPassword "password"
AuthLDAPGroupAttributeIsDN off
Require ldap-filter ldapsettingshere
AuthLDAPMaxSubGroupDepth 1
RequestHeader unset Authorization
Require valid-user
</Location>
<Proxy *>
RewriteEngine On
RewriteRule .* - [E=PROXY_USER:%{LA-U:REMOTE_USER},NS]
RequestHeader set X-WEBAUTH-USER "%{PROXY_USER}e"
</Proxy>
RequestHeader unset Authorization
ProxyRequests Off
ProxyPass /grafana/ http://localhost:3000/
ProxyPassReverse /grafana/ http://localhost:3000
</VirtualHost>
Update 2
Able to resolve the issue by changing the bindURL and bindDN.
回答1:
I have been able to do SSO by following these steps.
- Configuring LDAP with Grafana by following steps in grafana documentation
- Disabling the grafana login page by using Apache’s auth work together with Grafana’s AuthProxy documenation
- Integrating LDAP with Apache for reverse proxy authentication by modifying httpd.conf file as mentioned above
- Disabled reverse proxy authentication pop up by passing username and password into the url in the script.
With these steps I have been able to get SSO functionality.
来源:https://stackoverflow.com/questions/51414460/how-to-use-ldap-authentication-with-grafana-and-wamp-for-single-sign-on