IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2024-11-22 08:56:43 -06:00
Code Issues Packages Projects Releases Wiki Activity
e8256f0ad7
grafana/conf/ldap.toml
Alex Bligh e8256f0ad7 Add support for POSIX LDAP schema 
In the POSIX LDAP schema, there is no 'memberOf' attribute returned
in relation to which groups a person is a member of. Rather, it is
necessary to query the group objects which have the people as members.
This commit adds an additional filter, which if specified explicitly
searches for groups, rather than relying on the 'memberOf' attribute.
This enables Grafana to work with LDAP POSIX schema (e.g. OpenLDAP
etc.)

Signed-off-by: Alex Bligh <alex@alex.org.uk>
2015-10-13 19:51:59 +01:00

70 lines
2.3 KiB
TOML
Raw Blame History

# Set to true to log user information returned from LDAP
verbose_logging = false
[[servers]]
# Ldap server host (specify multiple hosts space separated)
host = "127.0.0.1"
# Default port is 389 or 636 if use_ssl = true
port = 389
# Set to true if ldap server supports TLS
use_ssl = false
# set to true if you want to skip ssl cert validation
ssl_skip_verify = false
# set to the path to your root CA certificate or leave unset to use system defaults
# root_ca_cert = /path/to/certificate.crt
# Search user bind dn
bind_dn = "cn=admin,dc=grafana,dc=org"
# Search user bind password
bind_password = 'grafana'
# Schema's supporting memberOf
# Search filter, for example "(cn=%s)" or "(sAMAccountName=%s)"
search_filter = "(cn=%s)"
# An array of base dns to search through
search_base_dns = ["dc=grafana,dc=org"]
# Uncomment this section (and comment out the previous 2 entries) to use POSIX schema.
# In POSIX LDAP schemas, querying the people 'ou' gives you entries that do not have a
# memberOf attribute, so a secondary query must be made for groups. This is done by
# enabling group_search_filter below. You must also set
# member_of = "cn"
# in [servers.attributes] below.
#
# Search filter, used to retrieve the user
# search_filter = "(uid=%s)"
#
# An array of the base DNs to search through for users. Typically uses ou=people.
# search_base_dns = ["ou=people,dc=grafana,dc=org"]
#
# Group search filter, to retrieve the groups of which the user is a member
# group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
#
# An array of the base DNs to search through for groups. Typically uses ou=groups
# group_search_base_dns = ["ou=groups,dc=grafana,dc=org"]
# Specify names of the ldap attributes your ldap uses
[servers.attributes]
name = "givenName"
surname = "sn"
username = "cn"
member_of = "memberOf"
email = "email"
# Map ldap groups to grafana org roles
[[servers.group_mappings]]
group_dn = "cn=admins,dc=grafana,dc=org"
org_role = "Admin"
# The Grafana organization database id, optional, if left out the default org (id 1) will be used
# org_id = 1
[[servers.group_mappings]]
group_dn = "cn=users,dc=grafana,dc=org"
org_role = "Editor"
[[servers.group_mappings]]
# If you want to match all (or no ldap groups) then you can use wildcard
group_dn = "*"
org_role = "Viewer"
Reference in New Issue View Git Blame Copy Permalink