How to use LDAP Authentication with Grafana and Wamp for Single Sign On?

会有一股神秘感。 提交于 2020-01-02 09:20:07

问题


I am trying to add single sign on for grafana using LDAP, I have come across Grafana documentation for LDAP but I did not understand.

Can I get Single Sign On feature using LDAP?

If yes, Can somebody give me a step by step procedure to follow to setup single sign on using ldap and grafana.

Grafana Version : 5.2.1 OS: WINDOWS

Update 1

I have been able to configure LDAP with grafana. Now I'm trying to integrate LDAP with wamp for SSO. In apache error log file I'm getting this error auth_ldap authenticate: user username authentication failed; URI /grafana/ [LDAP: ldap_simple_bind() failed][Invalid DN Syntax].

My apache config file.

<VirtualHost *:80>
  ServerName localhost
  RewriteEngine on
  ErrorLog "logs/authproxy-error_log"
  CustomLog "logs/authproxy-access_log" common
  <Location "/grafana/">
        LDAPReferrals off
        AuthType Basic
        AuthName GrafanaAuthProxy
        AuthBasicProvider ldap
        AuthLDAPURL "ldap://localhost:389/dc=maxcrc,dc=com?cn,ou?sub"
        AuthLDAPBindDN "cn=Manager,dc=maxcrc,dc=com"
        AuthLDAPBindPassword "password"
        AuthLDAPGroupAttributeIsDN off
        Require ldap-filter ldapsettingshere
        AuthLDAPMaxSubGroupDepth 1
        RequestHeader unset Authorization
        Require valid-user
  </Location>   
  <Proxy *>
        RewriteEngine On
        RewriteRule .* - [E=PROXY_USER:%{LA-U:REMOTE_USER},NS]
        RequestHeader set X-WEBAUTH-USER "%{PROXY_USER}e"
  </Proxy> 
  RequestHeader unset Authorization
  ProxyRequests Off
  ProxyPass /grafana/ http://localhost:3000/
  ProxyPassReverse /grafana/ http://localhost:3000
</VirtualHost>

Update 2

Able to resolve the issue by changing the bindURL and bindDN.


回答1:


I have been able to do SSO by following these steps.

  1. Configuring LDAP with Grafana by following steps in grafana documentation
  2. Disabling the grafana login page by using Apache’s auth work together with Grafana’s AuthProxy documenation
  3. Integrating LDAP with Apache for reverse proxy authentication by modifying httpd.conf file as mentioned above
  4. Disabled reverse proxy authentication pop up by passing username and password into the url in the script.

With these steps I have been able to get SSO functionality.



来源:https://stackoverflow.com/questions/51414460/how-to-use-ldap-authentication-with-grafana-and-wamp-for-single-sign-on

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!