diff --git a/roles/grafana/templates/ldap.toml.j2 b/roles/grafana/templates/ldap.toml.j2
index 1834a5839d9b9dca2fc6913c02b227d3c389d15f..c918707aac8cabe5ecfd2b22128dd94867a7e9f4 100644
--- a/roles/grafana/templates/ldap.toml.j2
+++ b/roles/grafana/templates/ldap.toml.j2
@@ -13,7 +13,7 @@ use_ssl = true
# Set to true if connect ldap server with STARTTLS pattern (create connection in insecure, then upgrade to secure connection with TLS)
start_tls = false
# set to true if you want to skip ssl cert validation
-ssl_skip_verify = false
+ssl_skip_verify = true
# set to the path to your root CA certificate or leave unset to use system defaults
# root_ca_cert = "/path/to/certificate.crt"
# Authentication against LDAP servers requiring client certificates
@@ -21,13 +21,13 @@ ssl_skip_verify = false
# client_key = "/path/to/client.key"
# Search user bind dn
-bind_dn = "{{ grafana.ldap_bind_dn }}"
+bind_dn = "uid=%s,{{ ldap_user_tree }}"
# Search user bind password
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
-bind_password = '{{ grafana.ldap_passwd }}'
+#bind_password = ''
# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
-search_filter = "(cn=%s)"
+search_filter = "(uid=%s)"
# An array of base dns to search through
search_base_dns = ["{{ ldap_user_tree }}"]
@@ -35,15 +35,14 @@ search_base_dns = ["{{ ldap_user_tree }}"]
## For Posix or LDAP setups that does not support member_of attribute you can define the below settings
## Please check grafana LDAP docs for examples
group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
-group_search_base_dns = ["ou=posix,ou=groups,{{ ldap_base }}"]
+group_search_base_dns = ["ou=group,{{ ldap_base }}"]
group_search_filter_user_attribute = "cn"
# Specify names of the ldap attributes your ldap uses
[servers.attributes]
-name = "sn"
-surname = ""
-username = "cn"
-member_of = "dn"
+name = "givenName"
+surname = "sn"
+username = "uid"
email = "mail"
# All LDAP members can edit