ObserveNow
Enterprise Configuration

LDAP setup for Grafana

this section applies only to opsverse private saas deployments create a secret in the namespace where the observability stack is installed using the following example as a reference apiversion v1 kind secret metadata name ldap config data ldap toml | \[\[servers]] \# ldap server host (specify multiple hosts space separated) host = "ldap" \# default port is 389 or 636 if use ssl = true port = 389 \# set to true if ldap server supports tls use ssl = false \# set to true if connect ldap server with starttls pattern (create connection in insecure, then upgrade to secure connection with tls) start tls = false \# set to true if you want to skip ssl cert validation ssl skip verify = false \# set to the path to your root ca certificate or leave unset to use system defaults \# root ca cert = "/path/to/certificate crt" \# authentication against ldap servers requiring client certificates \# client cert = "/path/to/client crt" \# client key = "/path/to/client key" \# search user bind dn bind dn = "cn=admin,dc=example,dc=org" \# search user bind password \# if the password contains # or ; you have to wrap it with triple quotes ex """#password;""" bind password = 'admin' \# user search filter, for example "(cn=%s)" or "(samaccountname=%s)" or "(uid=%s)" \# allow login from email or username, example "(|(samaccountname=%s)(userprincipalname=%s))" search filter = "(uid=%s)" \# an array of base dns to search through search base dns = \["ou=people,dc=support,dc=example,dc=org"] \# group search filter = "(&(objectclass=posixgroup)(memberuid=%s))" \# group search filter user attribute = "distinguishedname" \# group search base dns = \["ou=groups,dc=grafana,dc=org"] \# specify names of the ldap attributes your ldap uses \[servers attributes] name = "givenname" surname = "sn" username = "cn" member of = "memberof" email = "email" to configure opsverse observenow grafana to use this new azure ad config, login to the opsverse admin console , navigate to your observenow stack, enable ldap authentication, and add the name of the secret which you created in the previous steps you can also work with the opsverse support team to configure your grafana instance to use ldap for authentication or if you have any other customization requirements