{{ ansible_managed | comment }} # To troubleshoot and get more log info enable ldap debug logging in grafana.ini # [log] # filters = ldap:debug [[servers]] # Ldap server host (specify multiple hosts space separated) host = "{{ grafana.ldap.host }}" # Default port is 389 or 636 if use_ssl = true port = 389 # Set to true if ldap server supports TLS use_ssl = false # Set to true if connect ldap server with STARTTLS pattern (create connection in insecure, then upgrade to secure connection with TLS) start_tls = false # set to true if you want to skip ssl cert validation ssl_skip_verify = false # set to the path to your root CA certificate or leave unset to use system defaults # root_ca_cert = "/path/to/certificate.crt" # Authentication against LDAP servers requiring client certificates # client_cert = "/path/to/client.crt" # client_key = "/path/to/client.key" # Search user bind dn bind_dn = "{{ grafana.ldap.bind_dn }}" # Search user bind password # If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;""" bind_password = '{{ grafana.ldap.bind_password }}' # User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)" search_filter = "(cn=%s)" # An array of base dns to search through search_base_dns = ["cn=Utilisateurs,dc=auro,dc=re"] ## For Posix or LDAP setups that does not support member_of attribute you can define the below settings ## Please check grafana LDAP docs for examples group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))" group_search_base_dns = ["ou=posix,ou=groups,dc=auro,dc=re"] group_search_filter_user_attribute = "cn" # Specify names of the ldap attributes your ldap uses [servers.attributes] name = "sn" surname = "" username = "cn" member_of = "dn" email = "mail" # Editors (RT and technicien) [[servers.group_mappings]] group_dn = "cn=sudoldap,ou=posix,ou=groups,dc=auro,dc=re" org_role = "Editor" [[servers.group_mappings]] group_dn = "cn=technicien,ou=posix,ou=groups,dc=auro,dc=re" org_role = "Editor" # Viewers [[servers.group_mappings]] # If you want to match all (or no ldap groups) then you can use wildcard group_dn = "*" org_role = "Viewer"