Created
September 13, 2019 16:17
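## Environment variables for the Grafana container in grafana-deployment.yaml
# Kubernetes env values must be strings, so the boolean is quoted.
- name: GF_AUTH_LDAP_ENABLED
  value: "true"
# Must point at the file created by the volume mount below.
- name: GF_AUTH_LDAP_CONFIG_FILE
  value: /etc/grafana/ldap.toml
## Volume Mounts
# subPath mounts the single ldap.toml key as a file. Without it, the ConfigMap
# volume is mounted as a directory at /etc/grafana/ldap.toml and
# GF_AUTH_LDAP_CONFIG_FILE no longer points at a file.
# Note: files mounted via subPath are not refreshed when the ConfigMap changes;
# restart the pod after editing the LDAP config.
- mountPath: /etc/grafana/ldap.toml
  name: grafana-ldap-config
  subPath: ldap.toml
  # Grafana only reads this file.
  readOnly: true
## Volume
# configMap.name must equal metadata.name of the ConfigMap holding ldap.toml.
- configMap:
    name: grafana-ldap-config
  name: grafana-ldap-config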
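## ldap.toml config map
# NOTE: a ConfigMap is stored and served unencrypted, and bind_password below is
# readable by anyone allowed to read ConfigMaps in this namespace. For anything
# other than a throwaway test, keep the file (or at least the password) in a
# Secret. Grafana's LDAP documentation also describes environment-variable
# interpolation in ldap.toml (e.g. bind_password = "${LDAP_BIND_PASSWORD}");
# confirm your Grafana version supports it before relying on it.
apiVersion: v1
kind: ConfigMap
metadata:
  # Must match the configMap name referenced by the Deployment's volume
  # (grafana-ldap-config).
  name: grafana-ldap-config
  namespace: monitoring
data:
  ldap.toml: |-
    [[servers]]
    # LDAP server host (specify multiple hosts space separated)
    host = "127.0.0.1"
    # Default port is 389, or 636 if use_ssl = true
    port = 389
    # Set to true if the LDAP server supports TLS.
    # With use_ssl and start_tls both false, the bind password and every user's
    # login password are sent to the LDAP server unencrypted. Enable one of them
    # whenever the server is reached over a network.
    use_ssl = false
    # Set to true to connect with STARTTLS (the connection is opened insecure, then upgraded to TLS)
    start_tls = false
    # Set to true to skip TLS certificate validation. Leave false: skipping
    # validation lets anyone on the network path impersonate the LDAP server.
    ssl_skip_verify = false
    # Set to the path of your root CA certificate, or leave unset to use system defaults
    # root_ca_cert = "/path/to/certificate.crt"
    # Authentication against LDAP servers requiring client certificates
    # client_cert = "/path/to/client.crt"
    # client_key = "/path/to/client.key"

    # Search user bind DN. This account only needs read access to the user and
    # group entries being searched; avoid a directory admin account in production.
    bind_dn = "cn=admin,dc=grafana,dc=org"
    # Search user bind password (sample value; replace before use)
    # If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
    bind_password = 'grafana'

    # User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
    # Allow login from email or username, example "(|(sAMAccountName=%s)(userPrincipalName=%s))"
    search_filter = "(cn=%s)"
    # An array of base DNs to search through
    search_base_dns = ["dc=grafana,dc=org"]

    # group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
    # group_search_filter_user_attribute = "distinguishedName"
    # group_search_base_dns = ["ou=groups,dc=grafana,dc=org"]

    # Specify the names of the LDAP attributes your directory uses
    [servers.attributes]
    name = "givenName"
    surname = "sn"
    username = "cn"
    member_of = "memberOf"
    # NOTE(review): many directories expose the address as "mail"; confirm
    # against your schema.
    email = "email"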