[Feature request] ldap.toml environment interpolation #8832
Comments
+1 |
Facing the same issue. |
+1 |
+1 |
+1 |
+1 |
+1 |
Is there any workaround for this issue? Help will be appreciated. |
+1 |
+1 |
+1 |
+1 |
+1 |
Do you think this could be implemented? |
@torkelo would making a PR be accepted? Basically, this is where the magic happens, right, so we'd need to implement overrides for our variables based on whether ENV vars are set or not. |
A PR has been created to solve this issue: #17526 |
Please @torkelo could you provide an example of how this was finally implemented? I'm trying:
- GF_AUTH_LDAP_ENABLED=true
- GF_AUTH_LDAP_ALLOW_SIGN_UP=true
- GF_AUTH_LDAP_SERVERS_0_HOST="**********"
- GF_AUTH_LDAP_SERVERS_0_PORT=389
- GF_AUTH_LDAP_SERVERS_0_USE_SSL=false
- GF_AUTH_LDAP_SERVERS_0_START_TLS=false
- GF_AUTH_LDAP_SERVERS_0_SSL_SKIP_VERIFY=true
- GF_AUTH_LDAP_SERVERS_0_BIND_DN="**********"
- GF_AUTH_LDAP_SERVERS_0_BIND_PASSWORD="**********"
- GF_AUTH_LDAP_SERVERS_0_SEARCH_FILTER="(cn=%s)"
- GF_AUTH_LDAP_SERVERS_0_SEARCH_BASE_DNS="**********"
- GF_AUTH_LDAP_SERVERS_ATTRIBUTES_NAME="givenName"
- GF_AUTH_LDAP_SERVERS_ATTRIBUTES_SURNAME="sn"
- GF_AUTH_LDAP_SERVERS_ATTRIBUTES_USERNAME="cn"
- GF_AUTH_LDAP_SERVERS_ATTRIBUTES_MEMBER_OF="memberOf"
- GF_AUTH_LDAP_SERVERS_ATTRIBUTES_EMAIL="email" |
@mjiderhamn thanks. Sorry, I missed the point of this issue :) Anyway, I'm asking about setting LDAP through env vars like in the main config file. Is it doable? |
I wanted to set up the LDAP configuration with environment variables too and this is what I came up with. Maybe you can use this as a base for what you are looking for.
docker-compose.yml:
Note how I changed the user and the entrypoint. Also mounted entrypoint.sh and ldap.template.toml
./src/grafana/entrypoint.sh (remember to chmod +x it)
./src/grafana/ldap.template.toml
|
If I specify an environment variable that's extracting the bind password from a file ( Can I do this? bind_password = '${AUTH_LDAP_BINDPASSWORD}' The reason for this is that I don't want the LDAP bind password to be visible in the container's environment. |
Just found this https://grafana.com/docs/grafana/v9.0/setup-grafana/configure-grafana/#file-provider. Can this be used for variable expansion? |
Hi all! Is it possible to override environment variables in ldap.toml when starting a container? eg. docker run -d -p 3000:3000 -e "GF_SERVERS_HOST='my_ad_host'" grafana/grafana-enterprise Thanks in advance for more experienced replies! |
It would be useful to be able to do some kind of environment variable expansion in the ldap.toml file, much like what can be done in grafana.ini, especially to inject the bind password.
There is an additional complexity with this file as compared to grafana.ini in that there can be multiple server sections, so possibly using the same kind of GF_<SECTION>_<KEY> syntax might be difficult. For me, just being able to do bind_password = {BIND_PASSWORD1} and bind_password = {BIND_PASSWORD2} would be sufficient, though, so maybe there is no need to tackle that problem.
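One way to get the requested behaviour without putting the bind password in the container environment is to render ldap.toml from a template in the entrypoint, the approach one commenter describes. The script below is an added example, not code from this thread or from Grafana; the function names and the NAME_FILE convention are assumptions, and it expects each ${NAME} placeholder to sit inside a double-quoted TOML string.

```shell
#!/bin/sh
# Added example, not code from the thread. Hypothetical: the function names and the
# NAME_FILE convention (value of NAME is read from the file NAME_FILE points to).
# Assumes every ${NAME} placeholder sits inside a double-quoted TOML string.

# Print the TOML-escaped value for NAME, or fail if it is unset or unsafe.
resolve_var() (
  name=$1
  case $name in ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
    echo "render: bad placeholder name '$name'" >&2; exit 1 ;;
  esac
  eval "file=\${${name}_FILE:-}; isset=\${${name}+y}; value=\${${name}:-}"
  if [ -n "$file" ]; then
    value=$(cat -- "$file") || exit 1   # secret stays out of the environment
  elif [ -z "$isset" ]; then
    echo "render: $name is not set" >&2; exit 1
  fi
  # A newline or other control character could start a new TOML key: refuse it.
  [ "$(printf '%s' "$value" | tr -d '[:cntrl:]')" = "$value" ] ||
    { echo "render: $name contains control characters" >&2; exit 1; }
  # Escape backslash and double quote so the value cannot close the string early.
  printf '%s' "$value" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
)

# Expand each ${NAME} in one line, left to right. Substituted text goes straight to
# the output and is never rescanned, so a value cannot smuggle in a placeholder.
render_line() (
  rest=$1 out=
  while :; do
    case $rest in *'${'*'}'*) ;; *) break ;; esac
    out=$out${rest%%'${'*}
    rest=${rest#*'${'}
    name=${rest%%'}'*}
    rest=${rest#*'}'}
    value=$(resolve_var "$name") || exit 1
    out=$out$value
  done
  printf '%s\n' "$out$rest"
)

# Render TEMPLATE to OUT with owner-only permissions; OUT is untouched on error.
render_ldap_toml() (
  template=$1 out=$2
  umask 077
  trap 'rm -f -- "$out.tmp"' EXIT
  while IFS= read -r line || [ -n "$line" ]; do
    render_line "$line" || exit 1
  done < "$template" > "$out.tmp" || exit 1
  mv -- "$out.tmp" "$out"
)
```

An entrypoint would call render_ldap_toml with the mounted template and the path Grafana reads its LDAP configuration from, then start Grafana; a mounted secret is picked up by setting, for example, LDAP_BIND_PASSWORD_FILE (a hypothetical name) to its path.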