2023年6月21日发(作者:)

grafana集成LDAP

一、综述

本文包括docker容器安装grafana,以及ldap的配置。

二、grafana的安装

docker pull grafana/grafana
docker run --user root -d -p 3000:3000 --name=grafana -v /home/grafana:/var/lib/grafana grafana/grafana

注:--user root 会让容器内的 Grafana 进程以 root 身份运行。如果只是为了解决挂载目录 /home/grafana 的写权限问题,更稳妥的做法是把该目录的属主改为镜像默认的 grafana 用户,然后去掉这个参数。

三、集成ldap

1、开启LDAP认证

Grafana主配置文件中修改如下

docker ps
docker exec -it 725aae2a7080 /bin/bash
vi /etc/grafana/grafana.ini

#################################### Auth LDAP ##########################

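[auth.ldap]
# Turns on LDAP login. Server, bind and group-mapping details are read from config_file.
enabled = true
# Path to the LDAP TOML file. That file holds the bind password, so keep it
# readable only by the account Grafana runs as.
config_file = /etc/grafana/ldap.toml
# NOTE(review): per the Grafana docs this defaults to true, i.e. a Grafana user is
# created on first successful LDAP login. Together with a wildcard group mapping
# this admits every directory account - confirm that is intended.
# allow_sign_up = true

# LDAP background sync (Enterprise only)
# At 1 am every day
# sync_cron = "0 0 1 * * *"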

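# active_sync_enabled = true

2、LDAP配置

# To troubleshoot and get more log info enable ldap debug logging in grafana.ini
# [log]
# filters = ldap:debug

[[servers]]
# Ldap server host (specify multiple hosts space separated)
host = "192.168.5.66"
# Default port is 389 or 636 if use_ssl = true
port = 389
# Set to true if LDAP server should use an encrypted TLS connection (either with STARTTLS or LDAPS)
# NOTE(review): with use_ssl and start_tls both false, the bind password below and
# every user's login password travel to the LDAP server on port 389 unencrypted.
# Enable LDAPS or STARTTLS for anything other than an isolated lab network.
use_ssl = false
# If set to true, use LDAP with STARTTLS instead of LDAPS
start_tls = false
# set to true if you want to skip ssl cert validation
# NOTE(review): keep this false once TLS is enabled; skipping validation lets any
# host that can intercept the connection pose as the directory.
ssl_skip_verify = false
# set to the path to your root CA certificate or leave unset to use system defaults
# root_ca_cert = "/path/to/certificate.crt"
# Authentication against LDAP servers requiring client certificates
# client_cert = "/path/to/client.crt"
# client_key = "/path/to/client.key"

# Search user bind dn
# NOTE(review): the search bind only needs to read user and group entries. A
# dedicated read-only account is safer than the directory admin DN, because this
# file stores its password.
bind_dn = "cn=admin,dc=xxx,dc=com"
# Search user bind password
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
# NOTE(review): 'xxx' is a placeholder. The real value is stored in clear text here,
# so restrict read access to this file; Grafana's LDAP documentation also describes
# supplying it through an environment variable instead.
bind_password = 'xxx'

# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
search_filter = "(cn=%s)"

# An array of base dns to search through
search_base_dns = ["dc=xxx,dc=com"]

## For Posix or LDAP setups that does not support member_of attribute you can define the below settings
## Please check grafana LDAP docs for examples
# group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
# group_search_base_dns = ["ou=groups,dc=grafana,dc=org"]
# group_search_filter_user_attribute = "uid"

# Specify names of the ldap attributes your ldap uses
[servers.attributes]
name = "givenName"
surname = "sn"
username = "cn"
member_of = "memberOf"
email = "mail"

# Map ldap groups to grafana org roles
[[servers.group_mappings]]
group_dn = "cn=grafana-admin,ou=grafana,ou=group,dc=xxx,dc=com"
org_role = "Admin"
# To make user an instance admin (Grafana Admin) uncomment line below
# NOTE(review): this line is active, so every member of the group above becomes a
# Grafana server admin, not only an org Admin. Comment it out unless that is intended.
grafana_admin = true
# The Grafana organization database id, optional, if left out the default org (id 1) will be used
# org_id = 1

[[servers.group_mappings]]
group_dn = "cn=grafana-users,ou=grafana,ou=group,dc=xxx,dc=com"
org_role = "Editor"

[[servers.group_mappings]]
# If you want to match all (or no ldap groups) then you can use wildcard
# NOTE(review): with this mapping any account that can authenticate against the
# directory receives at least Viewer. Remove the block if access should be limited
# to the two groups above; how users matching no mapping are treated depends on
# the Grafana version - confirm.
group_dn = "*"
org_role = "Viewer"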
