jpweber/grafana-ldap-configuration

## grafana-ldap-configuration
## Environment Variables for grafana-deployment.yaml
GF_AUTH_LDAP_ENABLED=true
GF_AUTH_LDAP_CONFIG_FILE=/etc/grafana/ldap.toml

## Volume Mounts
- mountPath: /etc/grafana/ldap.toml
name: grafana-ldap-config
readOnly: false

## Volume
- configMap:
    name: grafana-ldap-config
  name: grafana-ldap-config

## ldap.toml config map
apiVersion: v1
kind: ConfigMap
metadata:
  name: grana-ldap-config
  namespace: monitoring
data:
  ldap.toml |-
    [[servers]]
    # Ldap server host (specify multiple hosts space separated)
    host = "127.0.0.1"
    # Default port is 389 or 636 if use_ssl = true
    port = 389
    # Set to true if ldap server supports TLS
    use_ssl = false
    # Set to true if connect ldap server with STARTTLS pattern (create connection in insecure, then upgrade to secure connection with TLS)
    start_tls = false
    # set to true if you want to skip ssl cert validation
    ssl_skip_verify = false
    # set to the path to your root CA certificate or leave unset to use system defaults
    # root_ca_cert = "/path/to/certificate.crt"
    # Authentication against LDAP servers requiring client certificates
    # client_cert = "/path/to/client.crt"
    # client_key = "/path/to/client.key"

    # Search user bind dn
    bind_dn = "cn=admin,dc=grafana,dc=org"
    # Search user bind password
    # If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
    bind_password = 'grafana'

    # User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
    # Allow login from email or username, example "(|(sAMAccountName=%s)(userPrincipalName=%s))"
    search_filter = "(cn=%s)"

    # An array of base dns to search through
    search_base_dns = ["dc=grafana,dc=org"]

    # group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
    # group_search_filter_user_attribute = "distinguishedName"
    # group_search_base_dns = ["ou=groups,dc=grafana,dc=org"]

    # Specify names of the ldap attributes your ldap uses
    [servers.attributes]
    name = "givenName"
    surname = "sn"
    username = "cn"
    member_of = "memberOf"
    email =  "email"
	## Environment Variables for grafana-deployment.yaml
	GF_AUTH_LDAP_ENABLED=true
	GF_AUTH_LDAP_CONFIG_FILE=/etc/grafana/ldap.toml

	## Volume Mounts
	- mountPath: /etc/grafana/ldap.toml
	name: grafana-ldap-config
	readOnly: false

	## Volume
	- configMap:
	name: grafana-ldap-config
	name: grafana-ldap-config

	## ldap.toml config map
	apiVersion: v1
	kind: ConfigMap
	metadata:
	name: grana-ldap-config
	namespace: monitoring
	data:
	ldap.toml \|-
	[[servers]]
	# Ldap server host (specify multiple hosts space separated)
	host = "127.0.0.1"
	# Default port is 389 or 636 if use_ssl = true
	port = 389
	# Set to true if ldap server supports TLS
	use_ssl = false
	# Set to true if connect ldap server with STARTTLS pattern (create connection in insecure, then upgrade to secure connection with TLS)
	start_tls = false
	# set to true if you want to skip ssl cert validation
	ssl_skip_verify = false
	# set to the path to your root CA certificate or leave unset to use system defaults
	# root_ca_cert = "/path/to/certificate.crt"
	# Authentication against LDAP servers requiring client certificates
	# client_cert = "/path/to/client.crt"
	# client_key = "/path/to/client.key"

	# Search user bind dn
	bind_dn = "cn=admin,dc=grafana,dc=org"
	# Search user bind password
	# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
	bind_password = 'grafana'

	# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
	# Allow login from email or username, example "(\|(sAMAccountName=%s)(userPrincipalName=%s))"
	search_filter = "(cn=%s)"

	# An array of base dns to search through
	search_base_dns = ["dc=grafana,dc=org"]

	# group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
	# group_search_filter_user_attribute = "distinguishedName"
	# group_search_base_dns = ["ou=groups,dc=grafana,dc=org"]

	# Specify names of the ldap attributes your ldap uses
	[servers.attributes]
	name = "givenName"
	surname = "sn"
	username = "cn"
	member_of = "memberOf"
	email = "email"