How to use LDAP Authentication with Grafana and Wamp for Single Sign On?

问题

I am trying to add single sign on for grafana using LDAP, I have come across Grafana documentation for LDAP but I did not understand.

Can I get Single Sign On feature using LDAP?

If yes, Can somebody give me a step by step procedure to follow to setup single sign on using ldap and grafana.

Grafana Version : 5.2.1 OS: WINDOWS

Update 1

I have been able to configure LDAP with grafana. Now I'm trying to integrate LDAP with wamp for SSO. In apache error log file I'm getting this error auth_ldap authenticate: user username authentication failed; URI /grafana/ [LDAP: ldap_simple_bind() failed][Invalid DN Syntax].

My apache config file.

<VirtualHost *:80>
  ServerName localhost
  RewriteEngine on
  ErrorLog "logs/authproxy-error_log"
  CustomLog "logs/authproxy-access_log" common
  <Location "/grafana/">
        LDAPReferrals off
        AuthType Basic
        AuthName GrafanaAuthProxy
        AuthBasicProvider ldap
        AuthLDAPURL "ldap://localhost:389/dc=maxcrc,dc=com?cn,ou?sub"
        AuthLDAPBindDN "cn=Manager,dc=maxcrc,dc=com"
        AuthLDAPBindPassword "password"
        AuthLDAPGroupAttributeIsDN off
        Require ldap-filter ldapsettingshere
        AuthLDAPMaxSubGroupDepth 1
        RequestHeader unset Authorization
        Require valid-user
  </Location>   
  <Proxy *>
        RewriteEngine On
        RewriteRule .* - [E=PROXY_USER:%{LA-U:REMOTE_USER},NS]
        RequestHeader set X-WEBAUTH-USER "%{PROXY_USER}e"
  </Proxy> 
  RequestHeader unset Authorization
  ProxyRequests Off
  ProxyPass /grafana/ http://localhost:3000/
  ProxyPassReverse /grafana/ http://localhost:3000
</VirtualHost>

Update 2

Able to resolve the issue by changing the bindURL and bindDN.

回答1:

I have been able to do SSO by following these steps.

Configuring LDAP with Grafana by following steps in grafana documentation
Disabling the grafana login page by using Apache’s auth work together with Grafana’s AuthProxy documenation
Integrating LDAP with Apache for reverse proxy authentication by modifying httpd.conf file as mentioned above
Disabled reverse proxy authentication pop up by passing username and password into the url in the script.

With these steps I have been able to get SSO functionality.

来源：https://stackoverflow.com/questions/51414460/how-to-use-ldap-authentication-with-grafana-and-wamp-for-single-sign-on

标签

ldap

single-sign-on

wamp

OpenLDAP

grafana