grafana/conf/ldap.toml

# Set to true to log user information returned from LDAP
verbose_logging = false

[[servers]]
# Ldap server host (specify multiple hosts space separated)
host = "127.0.0.1"
# Default port is 389 or 636 if use_ssl = true
port = 389
# Set to true if ldap server supports TLS
use_ssl = false
# set to true if you want to skip ssl cert validation
ssl_skip_verify = false
# set to the path to your root CA certificate or leave unset to use system defaults
# root_ca_cert = /path/to/certificate.crt

# Search user bind dn
bind_dn = "cn=admin,dc=grafana,dc=org"
# Search user bind password
bind_password = 'grafana'

# Search filter, for example "(cn=%s)" or "(sAMAccountName=%s)"
search_filter = "(cn=%s)"
# An array of base dns to search through
search_base_dns = ["dc=grafana,dc=org"]

# Specify names of the ldap attributes your ldap uses
[servers.attributes]
name = "givenName"
surname = "sn"
username = "cn"
member_of = "memberOf"
email =  "email"

# Map ldap groups to grafana org roles
[[servers.group_mappings]]
group_dn = "cn=admins,dc=grafana,dc=org"
org_role = "Admin"
# The Grafana organization database id, optional, if left out the default org (id 1) will be used
# org_id = 1

[[servers.group_mappings]]
group_dn = "cn=users,dc=grafana,dc=org"
org_role = "Editor"

[[servers.group_mappings]]
# If you want to match all (or no ldap groups) then you can use wildcard
group_dn = "*"
org_role = "Viewer"
docs(ldap): added ldap integration docs and config examples, #1450 2015-07-15 07:48:39 -05:00			`# Set to true to log user information returned from LDAP`
			`verbose_logging = false`
feat(ldap): work on reading ldap config from toml file, #1450 2015-07-15 03:08:23 -05:00
			`[[servers]]`
Support multiple space-separated LDAP hosts Signed-off-by: Alex Bligh <alex@alex.org.uk> 2015-10-11 11:14:46 -05:00			`# Ldap server host (specify multiple hosts space separated)`
feat(ldap): work on reading ldap config from toml file, #1450 2015-07-15 03:08:23 -05:00			`host = "127.0.0.1"`
docs(ldap): added ldap integration docs and config examples, #1450 2015-07-15 07:48:39 -05:00			`# Default port is 389 or 636 if use_ssl = true`
feat(ldap): work on reading ldap config from toml file, #1450 2015-07-15 03:08:23 -05:00			`port = 389`
docs(ldap): added ldap integration docs and config examples, #1450 2015-07-15 07:48:39 -05:00			`# Set to true if ldap server supports TLS`
feat(ldap): work on reading ldap config from toml file, #1450 2015-07-15 03:08:23 -05:00			`use_ssl = false`
feat(ldap): added config options for ssl skip verify, and ssl server name, #1450 2015-07-16 04:57:59 -05:00			`# set to true if you want to skip ssl cert validation`
			`ssl_skip_verify = false`
Allow user specified CA certs Signed-off-by: Alex Bligh <alex@alex.org.uk> 2015-10-11 11:38:33 -05:00			`# set to the path to your root CA certificate or leave unset to use system defaults`
			`# root_ca_cert = /path/to/certificate.crt`
feat(ldap): work on reading ldap config from toml file, #1450 2015-07-15 03:08:23 -05:00
docs(ldap): added ldap integration docs and config examples, #1450 2015-07-15 07:48:39 -05:00			`# Search user bind dn`
feat(ldap): work on reading ldap config from toml file, #1450 2015-07-15 03:08:23 -05:00			`bind_dn = "cn=admin,dc=grafana,dc=org"`
docs(ldap): added ldap integration docs and config examples, #1450 2015-07-15 07:48:39 -05:00			`# Search user bind password`
fix(ldap conf): updated ldap conf example to use literal string syntax for bind_password 2015-07-18 02:30:09 -05:00			`bind_password = 'grafana'`
feat(ldap): work on reading ldap config from toml file, #1450 2015-07-15 03:08:23 -05:00
docs(ldap): added ldap integration docs and config examples, #1450 2015-07-15 07:48:39 -05:00			`# Search filter, for example "(cn=%s)" or "(sAMAccountName=%s)"`
feat(ldap): work on reading ldap config from toml file, #1450 2015-07-15 03:08:23 -05:00			`search_filter = "(cn=%s)"`
docs(ldap): added ldap integration docs and config examples, #1450 2015-07-15 07:48:39 -05:00			`# An array of base dns to search through`
feat(ldap): work on reading ldap config from toml file, #1450 2015-07-15 03:08:23 -05:00			`search_base_dns = ["dc=grafana,dc=org"]`

docs(ldap): added ldap integration docs and config examples, #1450 2015-07-15 07:48:39 -05:00			`# Specify names of the ldap attributes your ldap uses`
feat(ldap): work on reading ldap config from toml file, #1450 2015-07-15 03:08:23 -05:00			`[servers.attributes]`
			`name = "givenName"`
			`surname = "sn"`
			`username = "cn"`
			`member_of = "memberOf"`
			`email = "email"`

docs(ldap): added ldap integration docs and config examples, #1450 2015-07-15 07:48:39 -05:00			`# Map ldap groups to grafana org roles`
feat(ldap): work on reading ldap config from toml file, #1450 2015-07-15 03:08:23 -05:00			`[[servers.group_mappings]]`
			`group_dn = "cn=admins,dc=grafana,dc=org"`
			`org_role = "Admin"`
docs(ldap): added ldap integration docs and config examples, #1450 2015-07-15 07:48:39 -05:00			`# The Grafana organization database id, optional, if left out the default org (id 1) will be used`
			`# org_id = 1`
feat(ldap): work on reading ldap config from toml file, #1450 2015-07-15 03:08:23 -05:00
fix(ldap): minor fixes, should not have any real impact, #2421 2015-08-01 03:28:43 -05:00			`[[servers.group_mappings]]`
feat(ldap): work on reading ldap config from toml file, #1450 2015-07-15 03:08:23 -05:00			`group_dn = "cn=users,dc=grafana,dc=org"`
			`org_role = "Editor"`

			`[[servers.group_mappings]]`
docs(ldap): added ldap integration docs and config examples, #1450 2015-07-15 07:48:39 -05:00			`# If you want to match all (or no ldap groups) then you can use wildcard`
feat(ldap): work on reading ldap config from toml file, #1450 2015-07-15 03:08:23 -05:00			`group_dn = "*"`
			`org_role = "Viewer"`