Open aktech opened 3 months ago
Hi @aktech, were you able to solve this issue? We are having the same problem.
What version are you on @lcapka ?
I encountered a sign-in issue with Grafana due to a conflict between Grafana's default admin
user and my LDAP admin
user. (LDAP is used by my OAuth provider, Authelia)
admin
admins
Grafana creates a default admin
user upon initial setup, which conflicted with my LDAP admin
user.
Note: Changing my LDAP username was an option, but I chose to adjust Grafana's configuration instead. Honestly not sure which is the correct method for solving this.
admin
User CreationTo prevent Grafana from creating the default admin
user, I disabled the initial admin creation in the Grafana configuration.
Environment Variable (what I used):
GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION: true
Equivalent grafana.ini
Configuration:
#################################### Security ############################
[security]
# Disable creation of admin user on first start of Grafana
disable_initial_admin_creation = true
Since my LDAP user admin
is part of the admins
group, I configured Grafana to assign the Admin
role to users in the admins
group.
Environment Variables (what I used):
GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH: contains(groups, 'admins') && 'Admin' || 'Viewer'
GF_AUTH_GENERIC_OAUTH_ALLOW_ASSIGN_GRAFANA_ADMIN: true
Equivalent grafana.ini
Configuration:
[auth.generic_oauth]
role_attribute_path = contains(groups, 'admins') && 'Admin' || 'Viewer'
allow_assign_grafana_admin = true
To apply the changes, I needed to remove Grafana and reset the database.
Afterwards, everything came up for me. May or may not work for you depending on your setup.
Some users have reported success with the following settings, but they did not work for me.
Environment Variables:
GF_AUTH_GENERIC_OAUTH_SKIP_ORG_ROLE_SYNC: true
GF_AUTH_OAUTH_ALLOW_INSECURE_EMAIL_LOOKUP: true
Equivalent grafana.ini
Configuration:
[auth]
oauth_allow_insecure_email_lookup = true
[auth.generic_oauth]
skip_org_role_sync = true
Context
This is what I see while trying to login to Grafana:
Logs:
Potentially relevant upstream issues:
Potential solution: https://github.com/grafana/grafana/issues/70203#issuecomment-1612823390 (or upgrade grafana)
Value and/or benefit
Being able to monitor nebari-slurm deployment.
Anything else?
No response