Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #87 from jbfavre/add_ldap_support
Add ldap support
- Loading branch information
Showing
7 changed files
with
274 additions
and
10 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,89 @@ | ||
default['grafana']['ldap_verbose_logging'] = false | ||
|
||
default['grafana']['ldap']['[servers]']['host'] = { | ||
comment: 'Ldap server host', | ||
disable: false, | ||
value: '"127.0.0.1"' | ||
} | ||
default['grafana']['ldap']['[servers]']['port'] = { | ||
comment: 'Default port is 389 or 636 if use_ssl = true', | ||
disable: false, | ||
value: 389 | ||
} | ||
default['grafana']['ldap']['[servers]']['use_ssl'] = { | ||
comment: 'Set to true if ldap server supports TLS', | ||
disable: false, | ||
value: false | ||
} | ||
default['grafana']['ldap']['[servers]']['ssl_skip_verify'] = { | ||
comment: 'set to true if you want to skip ssl cert validation', | ||
disable: false, | ||
value: false | ||
} | ||
default['grafana']['ldap']['[servers]']['bind_dn'] = { | ||
comment: 'Search user bind dn', | ||
disable: false, | ||
value: '"cn=admin,dc=grafana,dc=org"' | ||
} | ||
default['grafana']['ldap']['[servers]']['bind_password'] = { | ||
comment: 'Search user bind password', | ||
disable: false, | ||
value: 'grafana' | ||
} | ||
default['grafana']['ldap']['[servers]']['search_filter'] = { | ||
comment: 'Search filter, for example "(cn=%s)" or "(sAMAccountName=%s)"', | ||
disable: false, | ||
value: '"(cn=%s)"' | ||
} | ||
default['grafana']['ldap']['[servers]']['search_base_dns'] = { | ||
comment: 'An array of base dns to search through', | ||
disable: false, | ||
value: ['dc=grafana,dc=org'] | ||
} | ||
default['grafana']['ldap']['servers.attributes'] = { | ||
name: { value: '"givenName"' }, | ||
surname: { value: '"sn"' }, | ||
username: { value: '"cn"' }, | ||
member_of: { value: '"memberOf"' }, | ||
email: { value: '"email"' } | ||
} | ||
default['grafana']['ldap_mappings'] = [ | ||
{ | ||
group_dn: { | ||
comment: 'Map ldap groups to grafana org roles', | ||
disable: false, | ||
value: '"cn=admins,ou=ACLs,dc=grafana,dc=org"' | ||
}, | ||
org_role: { | ||
disable: false, | ||
value: '"Admin"' | ||
}, | ||
org_id: { | ||
comment: 'The Grafana organization database id, optional, ' \ | ||
'if left out the default org (id 1) will be used', | ||
disable: true, | ||
value: 1 | ||
} | ||
}, | ||
{ | ||
group_dn: { | ||
disable: false, | ||
value: '"cn=users,dc=comugrafana,dc=org"' | ||
}, | ||
org_role: { | ||
disable: false, | ||
value: '"Editor"' | ||
} | ||
}, | ||
{ | ||
group_dn: { | ||
comment: 'If you want to match all (or no ldap groups) then you can use wildcard', | ||
disable: false, | ||
value: '"*"' | ||
}, | ||
org_role: { | ||
disable: false, | ||
value: '"Viewer"' | ||
} | ||
} | ||
] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
ldap = node['grafana']['ldap'].dup | ||
mapping = node['grafana']['ldap_mappings'].dup | ||
verbose_logging = node['grafana']['ldap_verbose_logging'] | ||
|
||
template node['grafana']['ini']['auth.ldap']['config_file']['value'] do | ||
source 'ldap.toml.erb' | ||
variables verbose_logging: verbose_logging, config: ldap, mapping: mapping | ||
owner 'root' | ||
group 'root' | ||
mode '0644' | ||
notifies :restart, 'service[grafana-server]', :delayed | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
# | ||
# This file was generated by Chef for <%= node['fqdn'] %> and Grafana <%= node['grafana']['version'] %>. | ||
# Do not modify this file by hand! | ||
# | ||
# full documentation: http://docs.grafana.org/installation/configuration/ | ||
# | ||
|
||
# Set to true to log user information returned from LDAP | ||
verbose_logging = <%= @verbose_logging %> | ||
<%= GrafanaCookbook::IniHelper.format_config @config %> | ||
<%= GrafanaCookbook::IniHelper.format_config @mapping %> |