mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
docs: enhanced ldap
This commit is contained in:
parent
5495072c83
commit
280c8631f9
43
docs/sources/auth/enhanced_ldap.md
Normal file
43
docs/sources/auth/enhanced_ldap.md
Normal file
@ -0,0 +1,43 @@
|
||||
+++
|
||||
title = "Enhanced LDAP Integration"
|
||||
description = "Grafana Enhanced LDAP Integration Guide "
|
||||
keywords = ["grafana", "configuration", "documentation", "ldap", "active directory", "enterprise"]
|
||||
type = "docs"
|
||||
[menu.docs]
|
||||
name = "Enhanced LDAP"
|
||||
identifier = "enhanced-ldap"
|
||||
parent = "authentication"
|
||||
weight = 3
|
||||
+++
|
||||
|
||||
# Enhanced LDAP Integration
|
||||
|
||||
> Enhanced LDAP Integration is only available in Grafana Enterprise. Read more about [Grafana Enterprise]({{< relref "enterprise/index.md" >}}).
|
||||
|
||||
The enhanced LDAP integration adds additional functionality on top of the [existing LDAP integration]({{< relref "auth/ldap.md" >}}).
|
||||
|
||||
## LDAP Group Synchronization for Teams
|
||||
|
||||
{{< docs-imagebox img="/img/docs/enterprise/team_members_ldap.png" class="docs-image--no-shadow docs-image--right" max-width= "600px" >}}
|
||||
|
||||
With the enhanced LDAP integration it's possible to setup synchronization between LDAP groups and teams. This enables LDAP users which are members
|
||||
of certain LDAP groups to automatically be added/removed as members to certain teams in Grafana. Currently the synchronization will only happen every
|
||||
time a user logs in, but an active background synchronization is currently being developed.
|
||||
|
||||
Grafana keeps track of all synchronized users in teams and you can see which users have been synchronized from LDAP in the team members list, see `LDAP` label in screenshot.
|
||||
This mechanism allows Grafana to remove an existing synchronized user from a team when its LDAP group membership changes. This mechanism also enables you to manually add
|
||||
a user as member of a team and it will not be removed when the user signs in. This gives you flexibility to combine LDAP group memberships and Grafana team memberships.
|
||||
|
||||
<div class="clearfix"></div>
|
||||
|
||||
### Enable LDAP group synchronization for a team
|
||||
|
||||
{{< docs-imagebox img="/img/docs/enterprise/team_add_external_group.png" class="docs-image--no-shadow docs-image--right" max-width= "600px" >}}
|
||||
|
||||
1. Navigate to Configuration / Teams.
|
||||
2. Select a team.
|
||||
3. Select the External group sync tab and click on the `Add group` button.
|
||||
4. Insert LDAP distinguished name (DN) of LDAP group you want to synchronize with the team.
|
||||
5. Click on `Add group` button to save.
|
||||
|
||||
<div class="clearfix"></div>
|
@ -1,6 +1,7 @@
|
||||
+++
|
||||
title = "Grafana Enterprise"
|
||||
description = "Grafana Enterprise overview"
|
||||
keywords = ["grafana", "documentation", "datasource", "permissions", "ldap", "licensing", "enterprise"]
|
||||
type = "docs"
|
||||
[menu.docs]
|
||||
name = "Grafana Enterprise"
|
||||
@ -18,9 +19,9 @@ version.
|
||||
Grafana Enterprise includes all of the features found in the open source version. Below we list the additional features
|
||||
that can only be found in the Enterprise edition.
|
||||
|
||||
### Enhanced LDAP
|
||||
### Enhanced LDAP Integration
|
||||
|
||||
With Grafana Enterprise you can setup syncing between LDAP Groups and Teams. [Learn More](link).
|
||||
With Grafana Enterprise you can setup synchronization between LDAP Groups and Teams. [Learn More]({{< relref "auth/enhanced_ldap.md" >}}).
|
||||
|
||||
### Datasource Permissions
|
||||
|
||||
@ -28,5 +29,5 @@ Datasource permissions allows you to restrict access for users to query a dataso
|
||||
|
||||
## Try Grafana Enterprise
|
||||
|
||||
## Licence file mangement
|
||||
## Licence file management
|
||||
|
||||
|
111
docs/sources/http_api/external_group_sync.md
Normal file
111
docs/sources/http_api/external_group_sync.md
Normal file
@ -0,0 +1,111 @@
|
||||
+++
|
||||
title = "External Group Sync HTTP API "
|
||||
description = "Grafana External Group Sync HTTP API"
|
||||
keywords = ["grafana", "http", "documentation", "api", "team", "teams", "group", "member", "enterprise"]
|
||||
aliases = ["/http_api/external_group_sync/"]
|
||||
type = "docs"
|
||||
[menu.docs]
|
||||
name = "External Group Sync"
|
||||
parent = "http_api"
|
||||
+++
|
||||
|
||||
# External Group Synchronization API
|
||||
|
||||
> External Group Synchronization is only available in Grafana Enterprise. Read more about [Grafana Enterprise]({{< relref "enterprise/index.md" >}}).
|
||||
|
||||
## Get External Groups
|
||||
|
||||
`GET /api/teams/:teamId/groups`
|
||||
|
||||
**Example Request**:
|
||||
|
||||
```http
|
||||
GET /api/teams/1/groups HTTP/1.1
|
||||
Accept: application/json
|
||||
Content-Type: application/json
|
||||
Authorization: Basic YWRtaW46YWRtaW4=
|
||||
```
|
||||
|
||||
**Example Response**:
|
||||
|
||||
```http
|
||||
HTTP/1.1 200
|
||||
Content-Type: application/json
|
||||
|
||||
[
|
||||
{
|
||||
"orgId": 1,
|
||||
"teamId": 1,
|
||||
"groupId": "cn=editors,ou=groups,dc=grafana,dc=org"
|
||||
}
|
||||
]
|
||||
```
|
||||
|
||||
Status Codes:
|
||||
|
||||
- **200** - Ok
|
||||
- **401** - Unauthorized
|
||||
- **403** - Permission denied
|
||||
|
||||
## Add External Group
|
||||
|
||||
`POST /api/teams/:teamId/groups`
|
||||
|
||||
**Example Request**:
|
||||
|
||||
```http
|
||||
POST /api/teams/1/members HTTP/1.1
|
||||
Accept: application/json
|
||||
Content-Type: application/json
|
||||
Authorization: Basic YWRtaW46YWRtaW4=
|
||||
|
||||
{
|
||||
"groupId": "cn=editors,ou=groups,dc=grafana,dc=org"
|
||||
}
|
||||
```
|
||||
|
||||
**Example Response**:
|
||||
|
||||
```http
|
||||
HTTP/1.1 200
|
||||
Content-Type: application/json
|
||||
|
||||
{"message":"Group added to Team"}
|
||||
```
|
||||
|
||||
Status Codes:
|
||||
|
||||
- **200** - Ok
|
||||
- **400** - Group is already added to this team
|
||||
- **401** - Unauthorized
|
||||
- **403** - Permission denied
|
||||
- **404** - Team not found
|
||||
|
||||
## Remove External Group
|
||||
|
||||
`DELETE /api/teams/:teamId/groups/:groupId`
|
||||
|
||||
**Example Request**:
|
||||
|
||||
```http
|
||||
DELETE /api/teams/1/groups/cn=editors,ou=groups,dc=grafana,dc=org HTTP/1.1
|
||||
Accept: application/json
|
||||
Content-Type: application/json
|
||||
Authorization: Basic YWRtaW46YWRtaW4=
|
||||
```
|
||||
|
||||
**Example Response**:
|
||||
|
||||
```http
|
||||
HTTP/1.1 200
|
||||
Content-Type: application/json
|
||||
|
||||
{"message":"Team Group removed"}
|
||||
```
|
||||
|
||||
Status Codes:
|
||||
|
||||
- **200** - Ok
|
||||
- **401** - Unauthorized
|
||||
- **403** - Permission denied
|
||||
- **404** - Team not found/Group not found
|
Loading…
Reference in New Issue
Block a user