Merge pull request #1 from greatbn/master

update file config ldap.toml for openldap and freeipa

Merge pull request #1 from greatbn/master
update file config ldap.toml for openldap and freeipa
f30d069a · Tô Thành Công · a72f2803 · 21c70660 · f30d069a · f30d069a
Commit f30d069a authored Mar 30, 2016 by Tô Thành Công
Show whitespace changes
Inline Side-by-side

Showing with 117 additions and 0 deletions

freeipa_ldap.toml file-sample/freeipa_ldap.toml +59 -0

openldap_ldap.toml file-sample/openldap_ldap.toml +58 -0

No files found.
--- a/file-sample/freeipa_ldap.toml
+++ b/file-sample/freeipa_ldap.toml
+# Set to true to log user information returned from LDAP
+verbose_logging = false
+[[servers]]
+# Ldap server host (specify multiple hosts space separated)
+host = "IP_ldap_server"
+# Default port is 389 or 636 if use_ssl = true
+port = 389
+# Set to true if ldap server supports TLS
+#use_ssl = false
+# set to true if you want to skip ssl cert validation
+ssl_skip_verify = false
+# set to the path to your root CA certificate or leave unset to use system defaults
+# root_ca_cert = /path/to/certificate.crt
+# Search user bind dn
+bind_dn = "cn=grafana,cn=users,cn=accounts,dc=local,dc=domain"
+# Search user bind password
+bind_password = 'password'
+# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
+search_filter = "(uid=%s)"
+# An array of base dns to search through
+search_base_dns = ["cn=users,cn=accounts,dc=local,dc=domain"]
+# In POSIX LDAP schemas, without memberOf attribute a secondary query must be made for groups.
+# This is done by enabling group_search_filter below. You must also set member_of= "cn"
+# in [servers.attributes] below.
+## Group search filter, to retrieve the groups of which the user is a member (only set if memberOf attribute is not available)
+# group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
+## An array of the base DNs to search through for groups. Typically uses ou=groups
+# group_search_base_dns = ["ou=groups,dc=grafana,dc=org"]
+# Specify names of the ldap attributes your ldap uses
+[servers.attributes]
+name = "displayName"
+surname = "sn"
+username = "uid"
+member_of = "memberOf"
+email =  "mail"
+# Map ldap groups to grafana org roles
+[[servers.group_mappings]]
+group_dn = "cn=admins,cn=groups,cn=accounts,dc=local,dc=domain"
+org_role = "Admin"
+# The Grafana organization database id, optional, if left out the default org (id 1) will be used
+# org_id = 1
+[[servers.group_mappings]]
+group_dn = "cn=editor_grafana,cn=groups,cn=accounts,dc=local,dc=domain"
+org_role = "Editor"
+[[servers.group_mappings]]
+# If you want to match all (or no ldap groups) then you can use wildcard
+group_dn = "*"
+org_role = "Viewer"
--- a/file-sample/openldap_ldap.toml
+++ b/file-sample/openldap_ldap.toml
+# Set to true to log user information returned from LDAP
+verbose_logging = true
+[[servers]]
+# Ldap server host (specify multiple hosts space separated)
+host = "nhap_ip_ldap_server"
+# Default port is 389 or 636 if use_ssl = true
+port = 389
+# Set to true if ldap server supports TLS
+#use_ssl = false
+# set to true if you want to skip ssl cert validation
+ssl_skip_verify = false
+# set to the path to your root CA certificate or leave unset to use system defaults
+# root_ca_cert = /path/to/certificate.crt
+# Search user bind dn
+bind_dn = "cn=admin,dc=vsc,dc=vn"
+# Search user bind password
+bind_password = 'password'
+# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
+search_filter = "(uid=%s)"
+# An array of base dns to search through
+search_base_dns = ["ou=People,dc=vsc,dc=vn"]
+# In POSIX LDAP schemas, without memberOf attribute a secondary query must be made for groups.
+# This is done by enabling group_search_filter below. You must also set member_of= "cn"
+# in [servers.attributes] below.
+## Group search filter, to retrieve the groups of which the user is a member (only set if memberOf attribute is not available)
+group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
+## An array of the base DNs to search through for groups. Typically uses ou=groups
+group_search_base_dns = ["ou=Groups,dc=vsc,dc=vn"]
+# Specify names of the ldap attributes your ldap uses
+[servers.attributes]
+name = "displayName"
+surname = "sn"
+username = "uid"
+member_of = "entryDN"
+email =  "mail"
+# Map ldap groups to grafana org roles
+[[servers.group_mappings]]
+group_dn = "cn=admin,ou=Groups,dc=vsc,dc=vn"
+org_role = "Admin"
+# The Grafana organization database id, optional, if left out the default org (id 1) will be used
+# org_id = 1
+[[servers.group_mappings]]
+group_dn = "cn=trainee,ou=Groups,dc=vsc,dc=vn"
+org_role = "Editor"
+[[servers.group_mappings]]
+# If you want to match all (or no ldap groups) then you can use wildcard
+group_dn = "*"
+org_role = "Viewer"