Enhanced LDAP Integration

    The enhanced LDAP integration adds additional functionality on top of the existing LDAP integration.

    Grafana keeps track of all synchronized users in teams and you can see which users have been synchronized from LDAP in the team members list, see label in screenshot. This mechanism allows Grafana to remove an existing synchronized user from a team when its LDAP group membership changes. This mechanism also enables you to manually add a user as member of a team and it will not be removed when the user signs in. This gives you flexibility to combine LDAP group memberships and Grafana team memberships.

    Enhanced LDAP - 图4

    • Navigate to Configuration / Teams.
    • Select a team.
    • Insert LDAP distinguished name (DN) of LDAP group you want to synchronize with the team.
    • Click on button to save.

    Active LDAP Synchronization

    In the open source version of Grafana, user data from LDAP will be synchronized only during the login process when authenticating using LDAP.

    With this feature you can configure Grafana to actively sync users with LDAP server(s) in the background. Role and team membership will be updated, removed users will be disabled and logged out. Only users that have logged into Grafana at least once will be synchronized.