2019-07-22 16:39:22 +02:00
|
|
|
# To troubleshoot and get more log info enable ldap debug logging in grafana.ini
|
|
|
|
# [log]
|
|
|
|
# filters = ldap:debug
|
|
|
|
|
|
|
|
[[servers]]
|
|
|
|
# Ldap server host (specify multiple hosts space separated)
|
2021-02-07 13:08:03 +01:00
|
|
|
host = "re2o-ldap.adm.auro.re ldap-replica-ovh.adm.auro.re 10.128.0.21 10.128.0.149"
|
2019-07-22 16:39:22 +02:00
|
|
|
# Default port is 389 or 636 if use_ssl = true
|
|
|
|
port = 389
|
|
|
|
# Set to true if ldap server supports TLS
|
|
|
|
use_ssl = false
|
|
|
|
# Set to true if connect ldap server with STARTTLS pattern (create connection in insecure, then upgrade to secure connection with TLS)
|
|
|
|
start_tls = false
|
|
|
|
# set to true if you want to skip ssl cert validation
|
|
|
|
ssl_skip_verify = false
|
|
|
|
# set to the path to your root CA certificate or leave unset to use system defaults
|
|
|
|
# root_ca_cert = "/path/to/certificate.crt"
|
|
|
|
# Authentication against LDAP servers requiring client certificates
|
|
|
|
# client_cert = "/path/to/client.crt"
|
|
|
|
# client_key = "/path/to/client.key"
|
|
|
|
|
|
|
|
# Search user bind dn
|
|
|
|
bind_dn = "cn=grafana,ou=service-users,dc=auro,dc=re"
|
|
|
|
# Search user bind password
|
|
|
|
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
|
2020-02-02 23:55:37 +01:00
|
|
|
bind_password = '${ENV_PASSWORD}'
|
2019-07-22 16:39:22 +02:00
|
|
|
|
|
|
|
# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
|
|
|
|
search_filter = "(cn=%s)"
|
|
|
|
|
|
|
|
# An array of base dns to search through
|
|
|
|
search_base_dns = ["cn=Utilisateurs,dc=auro,dc=re"]
|
|
|
|
|
|
|
|
## For Posix or LDAP setups that does not support member_of attribute you can define the below settings
|
|
|
|
## Please check grafana LDAP docs for examples
|
|
|
|
group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
|
|
|
|
group_search_base_dns = ["ou=posix,ou=groups,dc=auro,dc=re"]
|
|
|
|
group_search_filter_user_attribute = "cn"
|
|
|
|
|
|
|
|
# Specify names of the ldap attributes your ldap uses
|
|
|
|
[servers.attributes]
|
|
|
|
name = "sn"
|
|
|
|
surname = ""
|
|
|
|
username = "cn"
|
|
|
|
member_of = "dn"
|
|
|
|
email = "mail"
|
|
|
|
|
2021-02-07 13:08:03 +01:00
|
|
|
# Mapping pour les Responsables Techniques
|
|
|
|
[[servers.group_mappings]]
|
|
|
|
group_dn = "cn=sudoldap,ou=posix,ou=groups,dc=auro,dc=re"
|
|
|
|
org_role = "Admin"
|
|
|
|
|
|
|
|
# Mapping pour les techniciens (Apprentis)
|
2019-07-22 16:39:22 +02:00
|
|
|
[[servers.group_mappings]]
|
|
|
|
group_dn = "cn=technicien,ou=posix,ou=groups,dc=auro,dc=re"
|
|
|
|
org_role = "Editor"
|
|
|
|
|
2021-02-07 13:08:03 +01:00
|
|
|
# Mapping pour les adhérents
|
2019-07-22 16:39:22 +02:00
|
|
|
[[servers.group_mappings]]
|
|
|
|
# If you want to match all (or no ldap groups) then you can use wildcard
|
|
|
|
group_dn = "*"
|
|
|
|
org_role = "Viewer"
|