Devenv: Fix openldap-multiple dev environment (#75013)

Gabriel MABILLE 2023-09-18 16:21:59 +02:00 committed by GitHub
parent ab75fbd009
commit 4280e31239
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
20 changed files with 206 additions and 432 deletions


@ -0,0 +1,50 @@
# OpenLDAP-Multiple Docker Block
This Docker block uses `osixia/openldap` image and should work for Apple's ARM chip.
Instead of launching solely 1 openldap server, it launches two.
## Deployment
First build and deploy the `openldap` containers.
```bash
make devenv sources=auth/openldap-multiple
```
### Exposed ports
The first container will expose port `389` and `636`.
The second container will expose port `1389` and `1636`.
### Background services
The `osixia/openldap` container will update the database with any `*.ldif` file changes inside `./prepopulate` and the `./modules` folder. Remember to rebuild the `devenv` to apply any changes.
## Grafana configuration changes
The following changes are needed at Grafana's configuration file.
```ini
[auth.ldap]
enabled = true
config_file = ./devenv/docker/blocks/auth/openldap-multiple/ldap_dev.toml
```
## Available users and groups
### Srv1 (dc=srv1-grafana,dc=org)
- admins
- ldap-admin-srv1
- editors
- ldap-editor-srv1
- no groups
- ldap-viewer-srv1
## Srv2 (dc=srv2-grafana,dc=org)
- admins
- ldap-admin-srv2
- editors
- ldap-editor-srv2
- no groups
- ldap-viewer-srv2


@ -1,30 +0,0 @@
# Fork of https://github.com/dinkel/docker-openldap
FROM debian:jessie
LABEL maintainer="Grafana team <hello@grafana.com>"
ENV OPENLDAP_VERSION 2.4.40
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \
slapd=${OPENLDAP_VERSION}* \
ldap-utils && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
RUN mv /etc/ldap /etc/ldap.dist
EXPOSE 389
VOLUME ["/etc/ldap", "/var/lib/ldap"]
COPY admins-ldap-server/modules/ /etc/ldap.dist/modules
COPY admins-ldap-server/prepopulate/ /etc/ldap.dist/prepopulate
COPY ./entrypoint.sh /entrypoint.sh
COPY ./prepopulate.sh /prepopulate.sh
ENTRYPOINT ["/entrypoint.sh"]
CMD ["slapd", "-d", "32768", "-u", "openldap", "-g", "openldap"]


@ -1,33 +0,0 @@
dn: cn=module,cn=config
cn: module
objectClass: olcModuleList
objectClass: top
olcModulePath: /usr/lib/ldap
olcModuleLoad: memberof.la
dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config
objectClass: olcConfig
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: top
olcOverlay: memberof
olcMemberOfDangling: ignore
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf
dn: cn=module,cn=config
cn: module
objectClass: olcModuleList
objectClass: top
olcModulePath: /usr/lib/ldap
olcModuleLoad: refint.la
dn: olcOverlay={1}refint,olcDatabase={1}hdb,cn=config
objectClass: olcConfig
objectClass: olcOverlayConfig
objectClass: olcRefintConfig
objectClass: top
olcOverlay: {1}refint
olcRefintAttribute: memberof member manager owner


@ -1,20 +0,0 @@
# ldap-admin
dn: cn=ldap-admin,ou=users,dc=grafana,dc=org
mail: ldap-admin@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-admin
cn: ldap-admin
dn: cn=ldap-torkel,ou=users,dc=grafana,dc=org
mail: ldap-torkel@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-torkel
cn: ldap-torkel


@ -1,6 +0,0 @@
dn: cn=admins,ou=groups,dc=grafana,dc=org
cn: admins
objectClass: groupOfNames
objectClass: top
member: cn=ldap-admin,ou=users,dc=grafana,dc=org
member: cn=ldap-torkel,ou=users,dc=grafana,dc=org


@ -1,23 +1,31 @@
admins-openldap: srv1-openldap:
build: container_name: srv1-ldap
context: docker/blocks/auth/openldap-multiple image: osixia/openldap
dockerfile: ./admins-ldap-server.Dockerfile
environment: environment:
SLAPD_PASSWORD: grafana LDAP_ORGANISATION: grafana
SLAPD_DOMAIN: grafana.org LDAP_DOMAIN: srv1-grafana.org
SLAPD_ADDITIONAL_MODULES: memberof LDAP_ADMIN_PASSWORD: grafana
LDAP_SEED_INTERNAL_LDIF_PATH: /tmp/smt/
ports: ports:
- "389:389" - 389:389
- 636:636
restart: unless-stopped
volumes:
- ./docker/blocks/auth/openldap-multiple/srv1_prepopulate/:/tmp/smt/
openldap: srv2-openldap:
build: container_name: srv2-ldap
context: docker/blocks/auth/openldap-multiple image: osixia/openldap
dockerfile: ./ldap-server.Dockerfile
environment: environment:
SLAPD_PASSWORD: grafana LDAP_ORGANISATION: grafana
SLAPD_DOMAIN: grafana.org LDAP_DOMAIN: srv2-grafana.org
SLAPD_ADDITIONAL_MODULES: memberof LDAP_ADMIN_PASSWORD: grafana
LDAP_SEED_INTERNAL_LDIF_PATH: /tmp/smt/
ports: ports:
- "388:389" - 1389:389
- 1636:636
restart: unless-stopped
volumes:
- ./docker/blocks/auth/openldap-multiple/srv2_prepopulate/:/tmp/smt/
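Review bot: `image: osixia/openldap` on both `srv1-openldap` and `srv2-openldap` is untagged, so every fresh `make devenv` resolves to whatever `latest` is at that moment, and a block that the README specifically promises works on Apple ARM can silently break when that tag moves. Pin it on both services, e.g. `image: osixia/openldap:<pinned-tag>` (placeholder — use the version this fix was validated against). `LDAP_ADMIN_PASSWORD: grafana` is fine for a dev block, but a one-line comment noting that it must match `bind_password` in `ldap_dev.toml` would keep the two from drifting apart.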


@ -1,98 +0,0 @@
#!/bin/bash
# When not limiting the open file descriptors limit, the memory consumption of
# slapd is absurdly high. See https://github.com/docker/docker/issues/8231
ulimit -n 8192
set -e
chown -R openldap:openldap /var/lib/ldap/
if [[ ! -d /etc/ldap/slapd.d ]]; then
if [[ -z "$SLAPD_PASSWORD" ]]; then
echo -n >&2 "Error: Container not configured and SLAPD_PASSWORD not set. "
echo >&2 "Did you forget to add -e SLAPD_PASSWORD=... ?"
exit 1
fi
if [[ -z "$SLAPD_DOMAIN" ]]; then
echo -n >&2 "Error: Container not configured and SLAPD_DOMAIN not set. "
echo >&2 "Did you forget to add -e SLAPD_DOMAIN=... ?"
exit 1
fi
SLAPD_ORGANIZATION="${SLAPD_ORGANIZATION:-${SLAPD_DOMAIN}}"
cp -a /etc/ldap.dist/* /etc/ldap
cat <<-EOF | debconf-set-selections
slapd slapd/no_configuration boolean false
slapd slapd/password1 password $SLAPD_PASSWORD
slapd slapd/password2 password $SLAPD_PASSWORD
slapd shared/organization string $SLAPD_ORGANIZATION
slapd slapd/domain string $SLAPD_DOMAIN
slapd slapd/backend select HDB
slapd slapd/allow_ldap_v2 boolean false
slapd slapd/purge_database boolean false
slapd slapd/move_old_database boolean true
EOF
dpkg-reconfigure -f noninteractive slapd >/dev/null 2>&1
dc_string=""
IFS="."; declare -a dc_parts=($SLAPD_DOMAIN)
for dc_part in "${dc_parts[@]}"; do
dc_string="$dc_string,dc=$dc_part"
done
base_string="BASE ${dc_string:1}"
sed -i "s/^#BASE.*/${base_string}/g" /etc/ldap/ldap.conf
if [[ -n "$SLAPD_CONFIG_PASSWORD" ]]; then
password_hash=`slappasswd -s "${SLAPD_CONFIG_PASSWORD}"`
sed_safe_password_hash=${password_hash//\//\\\/}
slapcat -n0 -F /etc/ldap/slapd.d -l /tmp/config.ldif
sed -i "s/\(olcRootDN: cn=admin,cn=config\)/\1\nolcRootPW: ${sed_safe_password_hash}/g" /tmp/config.ldif
rm -rf /etc/ldap/slapd.d/*
slapadd -n0 -F /etc/ldap/slapd.d -l /tmp/config.ldif >/dev/null 2>&1
fi
if [[ -n "$SLAPD_ADDITIONAL_SCHEMAS" ]]; then
IFS=","; declare -a schemas=($SLAPD_ADDITIONAL_SCHEMAS); unset IFS
for schema in "${schemas[@]}"; do
slapadd -n0 -F /etc/ldap/slapd.d -l "/etc/ldap/schema/${schema}.ldif" >/dev/null 2>&1
done
fi
if [[ -n "$SLAPD_ADDITIONAL_MODULES" ]]; then
IFS=","; declare -a modules=($SLAPD_ADDITIONAL_MODULES); unset IFS
for module in "${modules[@]}"; do
echo "Adding module ${module}"
slapadd -n0 -F /etc/ldap/slapd.d -l "/etc/ldap/modules/${module}.ldif" >/dev/null 2>&1
done
fi
# This needs to run in background
# Will prepopulate entries after ldap daemon has started
./prepopulate.sh &
chown -R openldap:openldap /etc/ldap/slapd.d/ /var/lib/ldap/ /var/run/slapd/
else
slapd_configs_in_env=`env | grep 'SLAPD_'`
if [ -n "${slapd_configs_in_env:+x}" ]; then
echo "Info: Container already configured, therefore ignoring SLAPD_xxx environment variables"
fi
fi
exec "$@"


@ -1,30 +0,0 @@
# Fork of https://github.com/dinkel/docker-openldap
FROM debian:jessie
LABEL maintainer="Grafana team <hello@grafana.com>"
ENV OPENLDAP_VERSION 2.4.40
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \
slapd=${OPENLDAP_VERSION}* \
ldap-utils && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
RUN mv /etc/ldap /etc/ldap.dist
EXPOSE 389
VOLUME ["/etc/ldap", "/var/lib/ldap"]
COPY ldap-server/modules/ /etc/ldap.dist/modules
COPY ldap-server/prepopulate/ /etc/ldap.dist/prepopulate
COPY ./entrypoint.sh /entrypoint.sh
COPY ./prepopulate.sh /prepopulate.sh
ENTRYPOINT ["/entrypoint.sh"]
CMD ["slapd", "-d", "32768", "-u", "openldap", "-g", "openldap"]


@ -1,33 +0,0 @@
dn: cn=module,cn=config
cn: module
objectClass: olcModuleList
objectClass: top
olcModulePath: /usr/lib/ldap
olcModuleLoad: memberof.la
dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config
objectClass: olcConfig
objectClass: olcMemberOf
objectClass: olcOverlayConfig
objectClass: top
olcOverlay: memberof
olcMemberOfDangling: ignore
olcMemberOfRefInt: TRUE
olcMemberOfGroupOC: groupOfNames
olcMemberOfMemberAD: member
olcMemberOfMemberOfAD: memberOf
dn: cn=module,cn=config
cn: module
objectClass: olcModuleList
objectClass: top
olcModulePath: /usr/lib/ldap
olcModuleLoad: refint.la
dn: olcOverlay={1}refint,olcDatabase={1}hdb,cn=config
objectClass: olcConfig
objectClass: olcOverlayConfig
objectClass: olcRefintConfig
objectClass: top
olcOverlay: {1}refint
olcRefintAttribute: memberof member manager owner


@ -1,59 +0,0 @@
dn: cn=ldap-editor,ou=users,dc=grafana,dc=org
mail: ldap-editor@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-editor
cn: ldap-editor
dn: cn=ldap-viewer,ou=users,dc=grafana,dc=org
mail: ldap-viewer@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-viewer
cn: ldap-viewer
dn: cn=ldap-carl,ou=users,dc=grafana,dc=org
mail: ldap-carl@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-carl
cn: ldap-carl
dn: cn=ldap-daniel,ou=users,dc=grafana,dc=org
mail: ldap-daniel@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-daniel
cn: ldap-daniel
dn: cn=ldap-leo,ou=users,dc=grafana,dc=org
mail: ldap-leo@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-leo
cn: ldap-leo
dn: cn=ldap-tobias,ou=users,dc=grafana,dc=org
mail: ldap-tobias@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-tobias
cn: ldap-tobias


@ -1,23 +0,0 @@
dn: cn=admins,ou=groups,dc=grafana,dc=org
cn: admins
objectClass: groupOfNames
objectClass: top
dn: cn=editors,ou=groups,dc=grafana,dc=org
cn: editors
objectClass: groupOfNames
member: cn=ldap-editor,ou=users,dc=grafana,dc=org
dn: cn=backend,ou=groups,dc=grafana,dc=org
cn: backend
objectClass: groupOfNames
member: cn=ldap-carl,ou=users,dc=grafana,dc=org
member: cn=ldap-leo,ou=users,dc=grafana,dc=org
member: cn=ldap-torkel,ou=users,dc=grafana,dc=org
dn: cn=frontend,ou=groups,dc=grafana,dc=org
cn: frontend
objectClass: groupOfNames
member: cn=ldap-torkel,ou=users,dc=grafana,dc=org
member: cn=ldap-daniel,ou=users,dc=grafana,dc=org
member: cn=ldap-leo,ou=users,dc=grafana,dc=org


@ -4,18 +4,21 @@
# For the verbose comments options see "openldap" env block # For the verbose comments options see "openldap" env block
# --- First LDAP Server (only admins) --- # --- First LDAP Server ---
[[servers]] [[servers]]
host = "127.0.0.1" host = "127.0.0.1"
port = 389 port = 389
use_ssl = false use_ssl = false
start_tls = false start_tls = false
tls_ciphers = []
min_tls_version = ""
ssl_skip_verify = false ssl_skip_verify = false
bind_dn = "cn=admin,dc=grafana,dc=org"
timeout = 10
bind_dn = "cn=admin,dc=srv1-grafana,dc=org"
bind_password = 'grafana' bind_password = 'grafana'
search_filter = "(cn=%s)" search_filter = "(cn=%s)"
search_base_dns = ["ou=users,dc=grafana,dc=org"] search_base_dns = ["dc=srv1-grafana,dc=org"]
[servers.attributes] [servers.attributes]
name = "givenName" name = "givenName"
@ -24,36 +27,53 @@ username = "cn"
member_of = "memberOf" member_of = "memberOf"
email = "email" email = "email"
# Map ldap groups to grafana org roles
[[servers.group_mappings]] [[servers.group_mappings]]
group_dn = "cn=admins,ou=groups,dc=grafana,dc=org" group_dn = "cn=admins,ou=groups,dc=srv1-grafana,dc=org"
org_role = "Admin" org_role = "Admin"
grafana_admin = true
# --- Second LDAP Server (rest of the users) ---
[[servers]]
host = "127.0.0.1"
port = 388
use_ssl = false
start_tls = false
ssl_skip_verify = false
bind_dn = "cn=admin,dc=grafana,dc=org"
bind_password = 'grafana'
search_filter = "(cn=%s)"
search_base_dns = ["ou=users,dc=grafana,dc=org"]
[servers.attributes]
name = "givenName"
surname = "sn"
username = "cn"
member_of = "memberOf"
email = "email"
[[servers.group_mappings]] [[servers.group_mappings]]
group_dn = "cn=editors,ou=groups,dc=grafana,dc=org" group_dn = "cn=editors,ou=groups,dc=srv1-grafana,dc=org"
org_role = "Editor" org_role = "Editor"
[[servers.group_mappings]] [[servers.group_mappings]]
group_dn = "*" group_dn = "*"
org_role = "Viewer" org_role = "Viewer"
# --- Second LDAP Server ---
[[servers]]
host = "127.0.0.1"
port = 1389
use_ssl = false
start_tls = false
tls_ciphers = []
min_tls_version = ""
ssl_skip_verify = false
timeout = 10
bind_dn = "cn=admin,dc=srv2-grafana,dc=org"
bind_password = 'grafana'
search_filter = "(cn=%s)"
search_base_dns = ["dc=srv2-grafana,dc=org"]
[servers.attributes]
name = "givenName"
surname = "sn"
username = "cn"
member_of = "memberOf"
email = "email"
# Map ldap groups to grafana org roles
[[servers.group_mappings]]
group_dn = "cn=admins,ou=groups,dc=srv2-grafana,dc=org"
org_role = "Admin"
[[servers.group_mappings]]
group_dn = "cn=editors,ou=groups,dc=srv2-grafana,dc=org"
org_role = "Editor"
[[servers.group_mappings]]
group_dn = "*"
org_role = "Viewer"
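Review bot: `search_base_dns` now points at the suffix (`["dc=srv1-grafana,dc=org"]`, and `["dc=srv2-grafana,dc=org"]` for the second server) instead of `ou=users`, so the unguarded `search_filter = "(cn=%s)"` can also match the group entries under `ou=groups`; a login attempt with the username `admins` or `editors` likely resolves to the group DN and then fails the bind as invalid credentials rather than as an unknown user. Either narrow the base back, `search_base_dns = ["ou=users,dc=srv1-grafana,dc=org"]`, or guard the filter, `search_filter = "(&(objectClass=inetOrgPerson)(cn=%s))"`, for both servers. The `member_of = "memberOf"` mapping also presumes the image's memberOf overlay is active for the `groupOfUniqueNames`/`uniqueMember` groups now seeded, which this commit no longer configures explicitly; a comment such as `# relies on the memberOf overlay the osixia/openldap image enables by default — verify if the image changes` would help whoever next swaps the base image.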


@ -1,38 +0,0 @@
# Notes on Multiple OpenLdap Docker Block
This is very similar to openldap docker block, but it creates multiple ldap servers instead of one.
Any ldif files added to the prepopulate subdirectory will be automatically imported into the OpenLdap database.
"admins-ldap-server" block contains admin group and admin users. The "ldap-server" block has all the rest of the users. See below for the full list of users.
This blocks are here to help with testing multiple LDAP servers, for any other LDAP related development and testing "openldap" block should be used.
## Enabling LDAP in Grafana
Copy the ldap_dev.toml file in this folder into your `conf` folder (it is gitignored already). To enable it in the .ini file to get Grafana to use this block:
```ini
[auth.ldap]
enabled = true
config_file = conf/ldap_dev.toml
; allow_sign_up = true
```
## Groups & Users
admins
ldap-admin
ldap-torkel
backend
ldap-carl
ldap-torkel
ldap-leo
frontend
ldap-torkel
ldap-tobias
ldap-daniel
editors
ldap-editor
no groups
ldap-viewer


@ -1,14 +0,0 @@
#!/bin/bash
echo "Pre-populating ldap entries, first waiting for ldap to start"
sleep 3
adminUserDn="cn=admin,dc=grafana,dc=org"
adminPassword="grafana"
for file in `ls /etc/ldap/prepopulate/*.ldif`; do
ldapadd -x -D $adminUserDn -w $adminPassword -f "$file"
done


@ -1,9 +1,9 @@
dn: ou=groups,dc=grafana,dc=org dn: ou=groups,dc=srv1-grafana,dc=org
ou: Groups ou: Groups
objectclass: top objectclass: top
objectclass: organizationalUnit objectclass: organizationalUnit
dn: ou=users,dc=grafana,dc=org dn: ou=users,dc=srv1-grafana,dc=org
ou: Users ou: Users
objectclass: top objectclass: top
objectclass: organizationalUnit objectclass: organizationalUnit


@ -0,0 +1,30 @@
# ldap-admin-srv1
dn: cn=ldap-admin-srv1,ou=users,dc=srv1-grafana,dc=org
mail: ldap-admin-srv1@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-admin-srv1
cn: ldap-admin-srv1
dn: cn=ldap-editor-srv1,ou=users,dc=srv1-grafana,dc=org
mail: ldap-editor-srv1@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-editor-srv1
cn: ldap-editor-srv1
dn: cn=ldap-viewer-srv1,ou=users,dc=srv1-grafana,dc=org
mail: ldap-viewer-srv1@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-viewer-srv1
cn: ldap-viewer-srv1


@ -0,0 +1,10 @@
dn: cn=admins,ou=groups,dc=srv1-grafana,dc=org
cn: admins
objectClass: groupOfUniqueNames
objectClass: top
uniqueMember: cn=ldap-admin-srv1,ou=users,dc=srv1-grafana,dc=org
dn: cn=editors,ou=groups,dc=srv1-grafana,dc=org
cn: editors
objectClass: groupOfUniqueNames
uniqueMember: cn=ldap-editor-srv1,ou=users,dc=srv1-grafana,dc=org
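Review bot: The `cn=editors` entry omits `objectClass: top` while `cn=admins` directly above carries it; slapd tolerates the omission, but the two entries should be written the same way — add `objectClass: top` after `objectClass: groupOfUniqueNames`. The same asymmetry is in the srv2 groups file further down. Since the switch from `groupOfNames`/`member` to `groupOfUniqueNames`/`uniqueMember` appears to be what makes Grafana's `memberOf` lookup work with the new image, a leading comment like `# groupOfUniqueNames/uniqueMember: matches the memberOf overlay configuration of the osixia/openldap image` would save the next reader a guess.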


@ -1,9 +1,9 @@
dn: ou=groups,dc=grafana,dc=org dn: ou=groups,dc=srv2-grafana,dc=org
ou: Groups ou: Groups
objectclass: top objectclass: top
objectclass: organizationalUnit objectclass: organizationalUnit
dn: ou=users,dc=grafana,dc=org dn: ou=users,dc=srv2-grafana,dc=org
ou: Users ou: Users
objectclass: top objectclass: top
objectclass: organizationalUnit objectclass: organizationalUnit


@ -0,0 +1,30 @@
# ldap-admin-srv2
dn: cn=ldap-admin-srv2-srv2,ou=users,dc=srv2-grafana,dc=org
mail: ldap-admin-srv2@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-admin-srv2
cn: ldap-admin-srv2
dn: cn=ldap-editor-srv2,ou=users,dc=srv2-grafana,dc=org
mail: ldap-editor-srv2@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-editor-srv2
cn: ldap-editor-srv2
dn: cn=ldap-viewer-srv2,ou=users,dc=srv2-grafana,dc=org
mail: ldap-viewer-srv2@grafana.com
userPassword: grafana
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: organizationalPerson
sn: ldap-viewer-srv2
cn: ldap-viewer-srv2
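Review bot: The first entry's DN, `dn: cn=ldap-admin-srv2-srv2,ou=users,dc=srv2-grafana,dc=org`, does not agree with its `cn: ldap-admin-srv2` attribute, so slapd will most likely reject the add (the naming attribute's value must be present in the entry) or, at best, create a user whose DN the srv2 groups file's `uniqueMember: cn=ldap-admin-srv2,ou=users,dc=srv2-grafana,dc=org` never references — either way no admin can log in through the second server. Change it to `dn: cn=ldap-admin-srv2,ou=users,dc=srv2-grafana,dc=org`. The srv1 counterpart is consistent and the README lists `ldap-admin-srv2` as the expected admin, so this reads as a typo rather than an intentional name.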


@ -0,0 +1,10 @@
dn: cn=admins,ou=groups,dc=srv2-grafana,dc=org
cn: admins
objectClass: groupOfUniqueNames
objectClass: top
uniqueMember: cn=ldap-admin-srv2,ou=users,dc=srv2-grafana,dc=org
dn: cn=editors,ou=groups,dc=srv2-grafana,dc=org
cn: editors
objectClass: groupOfUniqueNames
uniqueMember: cn=ldap-editor-srv2,ou=users,dc=srv2-grafana,dc=org