feat(ldap): work on reading ldap config from toml file, #1450

2025-02-25 18:55:37 -06:00 · 2015-07-15 10:08:23 +02:00
parent 262a09bb2d
commit 0b5ba55131
14 changed files with 167 additions and 100 deletions
--- a/conf/defaults.ini
+++ b/conf/defaults.ini
@@ -181,22 +181,8 @@ auto_sign_up = true

 #################################### Auth LDAP ##########################
 [auth.ldap]
-enabled = true
-hosts = ldap://127.0.0.1:389
-use_ssl = false
-bind_path = cn=%s,dc=grafana,dc=org
-bind_password =
-search_bases = dc=grafana,dc=org
-search_filter = (cn=%s)
-attr_username = cn
-attr_name = givenName
-attr_surname = sn
-attr_email = email
-attr_member_of = memberOf
-
-[auth.ldap.member.to.role.map]
-: cn=admins,dc=grafana,dc=org -> "Admin" in "Main Org."
-: cn=users,dc=grafana,dc=org  -> "Viewer" in "Main Org."
+enabled = false
+config_file = /etc/grafana/ldap.toml

 #################################### SMTP / Emailing ##########################
 [smtp]
--- a/conf/ldap.toml
+++ b/conf/ldap.toml
@@ -0,0 +1,31 @@
+verbose_logging = true
+
+[[servers]]
+host = "127.0.0.1"
+port = 389
+use_ssl = false
+
+bind_dn = "cn=admin,dc=grafana,dc=org"
+bind_password = "grafana"
+
+search_filter = "(cn=%s)"
+search_base_dns = ["dc=grafana,dc=org"]
+
+[servers.attributes]
+name = "givenName"
+surname = "sn"
+username = "cn"
+member_of = "memberOf"
+email =  "email"
+
+[[servers.group_mappings]]
+group_dn = "cn=admins,dc=grafana,dc=org"
+org_role = "Admin"
+
+[[server.ldap_group_to_org_role_mappings]]
+group_dn = "cn=users,dc=grafana,dc=org"
+org_role = "Editor"
+
+[[servers.group_mappings]]
+group_dn = "*"
+org_role = "Viewer"
--- a/conf/sample.ini
+++ b/conf/sample.ini
@@ -178,6 +178,11 @@
 [auth.basic]
 ;enabled = true

+#################################### Auth LDAP ##########################
+[auth.ldap]
+enabled = false
+config_file = /etc/grafana/ldap.toml
+
 #################################### SMTP / Emailing ##########################
 [smtp]
 ;enabled = false