Logging: Grafana LDAP logging


I am using Grafana version 4.2.0-1. I have configured LDAP through the /etc/grafana/ldap.toml configuration file. Here is my configuration:

verbose_logging = true

[[servers]]
# Ldap server host (specify multiple hosts space separated)
host = "myhost.mydomain.com"
# Default port is 389 or 636 if use_ssl = true
port = 636
# Set to true if ldap server supports TLS
use_ssl = true
# Set to true if connect ldap server with STARTTLS pattern (create connection in insecure, then upgrade to secure connection with TLS)
start_tls = true
# set to true if you want to skip ssl cert validation
ssl_skip_verify = true
# set to the path to your root CA certificate or leave unset to use system defaults
# root_ca_cert = /path/to/certificate.crt

# Search user bind dn
bind_dn = "mysuperuser@mydomain.com"
# Search user bind password
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
bind_password = 'mypass'

# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
#search_filter = "(uid=%s)"
search_filter = "(sAMAccountName=%s)"

# An array of base dns to search through
search_base_dns = ["CN=Users,DC=corp,DC=mydomain,DC=com"]

# Specify names of the ldap attributes your ldap uses
[servers.attributes]
name = "givenName"
surname = "sn"
username = "sAMAccountName"
member_of = "memberOf"
email = "mail"

# Map ldap groups to grafana org roles
[[servers.group_mappings]]

#group_dn = "cn=admins,dc=grafana,dc=org"
group_dn = "CN=Admins,CN=Users,DC=corp,DC=mycompany,DC=com"
org_role = "Admin"
# The Grafana organization database id, optional, if left out the default org (id 1) will be used
# org_id = 1

#[[servers.group_mappings]]
#group_dn = "cn=users,dc=grafana,dc=org"
#org_role = "Editor"

[[servers.group_mappings]]
# If you want to match all (or no ldap groups) then you can use wildcard
group_dn = "*"
org_role = "Viewer"
LDAP is enabled in the Grafana configuration file:

[auth.ldap]
enabled = true
config_file = /etc/grafana/ldap.toml
allow_sign_up = true
The debug logger is also enabled:

[log]
# Either "console", "file", "syslog". Default is console and  file
# Use space to separate multiple modes, e.g. "console file"
mode = console file syslog

# Either "debug", "info", "warn", "error", "critical", default is "info"
level = debug

# optional settings to set different levels for specific loggers. Ex filters = sqlstore:debug
filters = "ldap:debug"

# For "console" mode only
[log.console]
level = debug

# log line format, valid options are text, console and json
format = console

# For "file" mode only
[log.file]
level = debug
The problem is that I cannot log in with users from Active Directory or create new users (via sign-up).

The Grafana logger (/var/logs/grafana) does not show much information about LDAP:

t=2017-04-05T13:33:52+0000 lvl=info msg="Ldap enabled, reading config file" logger=ldap file=/etc/grafana/ldap.toml
t=2017-04-05T13:33:52+0000 lvl=info msg="Starting plugin search" logger=plugins
t=2017-04-05T13:33:52+0000 lvl=dbug msg="Checking for updates"
t=2017-04-05T13:33:52+0000 lvl=info msg="Initializing CleanUpService" logger=cleanup
t=2017-04-05T13:33:52+0000 lvl=info msg="Initializing Alerting" logger=alerting.engine
t=2017-04-05T13:33:52+0000 lvl=info msg="Initializing Stream Manager"
t=2017-04-05T13:33:52+0000 lvl=info msg="Initializing HTTP Server" logger=http.server address=0.0.0.0:3000 protocol=http subUrl=
t=2017-04-05T13:33:53+0000 lvl=dbug msg="Scheduling update" logger=alerting.scheduler ruleCount=0
t=2017-04-05T13:33:57+0000 lvl=dbug msg="Looking for App Dashboard Updates" logger=plugins
t=2017-04-05T13:34:03+0000 lvl=dbug msg="Scheduling update" logger=alerting.scheduler ruleCount=0
t=2017-04-05T13:34:13+0000 lvl=dbug msg="Scheduling update" logger=alerting.scheduler ruleCount=0
t=2017-04-05T13:34:21+0000 lvl=info msg="Shutdown started" logger=server code=0 reason="system signal: terminated"
t=2017-04-05T13:34:21+0000 lvl=info msg="stopped http server" logger=http.server
Do you know how to turn on the debug logger for LDAP so that it gives more information?
Is anything missing from the configuration?

Enabling
verbose_logging = true
in ldap.toml is enough. Regarding
filters = "ldap:debug"

I only get LDAP logging when actually trying to log in.

Getting messages like:

t=2017-12-01T13:06:30+0100 lvl=dbug msg="Ldap User found" logger=ldap info="(*login.LdapUserInfo)(0xc4200fddc0)({\n DN:(string)(len=86)\"…

No, that is pretty much the configuration. I wish it were more verbose in debug mode. It could list the configuration it accepts along with any defaults.
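
The answer's observation, that the LDAP logger writes only a startup notice until someone actually attempts a login, can be checked against a log file. The following is an added example, not part of the original question or answer: it parses Grafana's key=value log lines, reports whether any login-time LDAP entries exist, and blanks the verbose info= dump before logs are shared. The login line and its DN are constructed, and all function names are assumptions of this example.

```python
import re
from collections import Counter

# One logfmt pair: key=value; the value is bare or double-quoted with \" escapes.
PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')
STARTUP_MSG = "Ldap enabled, reading config file"

# Startup lines copied from the question's log.
STARTUP_LINES = [
    't=2017-04-05T13:33:52+0000 lvl=info msg="Ldap enabled, reading config file" logger=ldap file=/etc/grafana/ldap.toml',
    't=2017-04-05T13:33:52+0000 lvl=info msg="Starting plugin search" logger=plugins',
    't=2017-04-05T13:33:52+0000 lvl=info msg="Initializing HTTP Server" logger=http.server address=0.0.0.0:3000 protocol=http subUrl=',
]
# Constructed login-time line (the DN is made up), shaped like the answer's sample.
LOGIN_LINE = (r't=2017-12-01T13:06:30+0100 lvl=dbug msg="Ldap User found" logger=ldap '
              r'info="(*login.LdapUserInfo)({\n DN: (string) \"CN=Example User,DC=example,DC=com\"\n})"')

def parse_line(line):
    """Parse one logfmt line into a dict; surrounding quotes are stripped."""
    fields = {}
    for key, value in PAIR.findall(line):
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        fields[key] = value
    return fields

def ldap_summary(lines):
    """Return (Counter of levels, list of messages) for logger=ldap lines only."""
    levels, messages = Counter(), []
    for rec in map(parse_line, lines):
        if rec.get("logger", "").lower() == "ldap":
            levels[rec.get("lvl", "?")] += 1
            messages.append(rec.get("msg", ""))
    return levels, messages

def login_attempt_logged(lines):
    """True if the LDAP logger wrote anything besides the startup notice."""
    return any(m != STARTUP_MSG for m in ldap_summary(lines)[1])

def redact_info(line):
    """Blank the verbose info= dump, which carries directory attributes such as the DN."""
    return PAIR.sub(lambda m: 'info="[redacted]"' if m.group(1) == "info" else m.group(0), line)

if __name__ == "__main__":
    print(login_attempt_logged(STARTUP_LINES))                 # startup only
    print(login_attempt_logged(STARTUP_LINES + [LOGIN_LINE]))  # after a login attempt
    print(redact_info(LOGIN_LINE))
```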