diff --git a/group_vars/reverseproxy.yml b/group_vars/reverseproxy.yml
index 50da974855e8c0ea7c73aea7a78bda39cc091a43..5c8fd0d7cb057d3252abdffb8f3be91e361f2084 100644
--- a/group_vars/reverseproxy.yml
+++ b/group_vars/reverseproxy.yml
@@ -21,7 +21,7 @@ nginx:
     # Services web Crans
     - {from: re2o.crans.org, to: 172.16.10.156}
     - {from: intranet.crans.org, to: 172.16.10.156}
-    #    - {from: grafana.crans.org, to: "10.231.136.102:3000"}
+    - {from: grafana.crans.org, to: "172.16.10.121:3000"}
     - {from: ftps.crans.org, to: 172.16.10.30}
     - {from: webmail.crans.org, to: 172.16.10.108}
     - {from: webirc.crans.org, to: "172.16.10.31:9000"}
diff --git a/plays/monitoring.yml b/plays/monitoring.yml
index 2a6c6bcd8d03d78d714c34a6162948d2ed8822f2..5e661a50289002e8c88b40cc72ba79c056887f51 100755
--- a/plays/monitoring.yml
+++ b/plays/monitoring.yml
@@ -25,12 +25,12 @@
 
     grafana:
       root_url: https://grafana.crans.org
-      ldap_bind_dn: "cn=grafana,ou=service-users,{{ ldap_base }}"
-      ldap_passwd: "{{ vault_ldap_grafana_passwd }}"
+      ldap_bind_dn: ""
+      ldap_passwd: ""
 
     ldap_base: 'dc=crans,dc=org'
     ldap_master_ipv4: '172.16.10.1'
-    ldap_user_tree: "ou=users,{{ ldap_base }}"
+    ldap_user_tree: "ou=passwd,{{ ldap_base }}"
   roles:
     - prometheus
     - prometheus-alertmanager
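Review bot: Setting `ldap_bind_dn: ""` and `ldap_passwd: ""` drops the vault-backed service account, so Grafana's user and group lookups presumably run without an authenticated bind. That only works if the directory allows anonymous reads under `ou=passwd`. The template that consumes these variables is not shown here, so this is inferred. Please add a comment above the two keys saying the empty values are deliberate, e.g. `# empty on purpose: directory allows anonymous search, no service account needed`. If `cn=grafana,ou=service-users` is no longer used anywhere, disable that account and remove `vault_ldap_grafana_passwd` from the vault so no unused credential is left behind. The `vars` block starts outside this hunk.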
diff --git a/roles/grafana/templates/ldap.toml.j2 b/roles/grafana/templates/ldap.toml.j2
index 1fd96e129084e8fa63dbbe7f061a042f585a32a0..b044d42cfc88fdaf2498d8aa0a064898cf7913be 100644
--- a/roles/grafana/templates/ldap.toml.j2
+++ b/roles/grafana/templates/ldap.toml.j2
@@ -7,11 +7,11 @@
 # Ldap server host (specify multiple hosts space separated)
 host = "{{ ldap_master_ipv4 }}"
 # Default port is 389 or 636 if use_ssl = true
-port = 389
+port = 636
 # Set to true if ldap server supports TLS
-use_ssl = false
+use_ssl = true
 # Set to true if connect ldap server with STARTTLS pattern (create connection in insecure, then upgrade to secure connection with TLS)
-start_tls = false
+start_tls = true
 # set to true if you want to skip ssl cert validation
 ssl_skip_verify = false
 # set to the path to your root CA certificate or leave unset to use system defaults
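Review bot: `start_tls = true` is set together with `port = 636` and `use_ssl = true`, which mixes two different TLS modes. Port 636 is normally the implicit-TLS (LDAPS) port, while STARTTLS upgrades a connection that starts in clear text, usually on 389. As far as I know, Grafana with both flags set connects in plain text and then issues STARTTLS, which a standard LDAPS listener on 636 will refuse. Pick one mode, e.g. keep `port = 636` and `use_ssl = true` and leave `start_tls = false`. Also, `host` is rendered from `ldap_master_ipv4` while `ssl_skip_verify = false` is kept, so the server certificate must list that IP as a subject alternative name, or `host` should be a DNS name; setting `ssl_skip_verify` to true is not the fix.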
@@ -40,7 +40,7 @@ group_search_filter_user_attribute = "cn"
 
 # Specify names of the ldap attributes your ldap uses
 [servers.attributes]
-name = "sn"
+name = ""
 surname = ""
 username = "cn"
 member_of = "dn"
@@ -48,7 +48,7 @@ email =  "mail"
 
 # Map ldap groups to grafana org roles
 [[servers.group_mappings]]
-group_dn = "cn=nounou,ou=posix,ou=groups,dc=crans,dc=org"
+group_dn = "cn=nounou,ou=group,dc=crans,dc=org"
 org_role = "Admin"
 # To make user an instance admin  (Grafana Admin) uncomment line below
 # grafana_admin = true
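Review bot: The new `group_dn` here, and the one in the next hunk (`cn=user,...`), still hard-code `dc=crans,dc=org`, although this file is a Jinja template and the play defines `ldap_base`. Writing `group_dn = "cn=nounou,ou=group,{{ ldap_base }}"` would keep the group tree in step with `ldap_user_tree`, which already derives from that variable. Because this mapping grants `Admin`, a one-line comment saying which population `nounou` holds would help whoever audits the role mappings later.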
@@ -56,7 +56,7 @@ org_role = "Admin"
 # org_id = 1
 
 [[servers.group_mappings]]
-group_dn = "cn=apprenti,ou=posix,ou=groups,dc=crans,dc=org"
+group_dn = "cn=user,ou=group,dc=crans,dc=org"
 org_role = "Editor"
 
 [[servers.group_mappings]]
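Review bot: Mapping `cn=user,ou=group,dc=crans,dc=org` to `Editor` looks considerably broader than the previous `cn=apprenti` group. If `user` is the default group of every account (not visible here), then anyone who can log in may create and modify dashboards. Consider `org_role = "Viewer"` for this mapping and reserving `Editor` for a narrower group, or add a comment stating that the widening is intended. The following `[[servers.group_mappings]]` section continues outside the hunk, so any fallback mapping there could not be checked.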