Grafana配置Open LDAP
首先开启两个文件对LDAP支持
在容器内的文件
1 /etc/grafana/grafana.ini
# Turns on LDAP authentication and points Grafana at the TOML file that
# describes the directory server(s).
[auth.ldap]
enabled = true
config_file = /etc/grafana/ldap.toml
# With allow_sign_up = true a Grafana account is created automatically the
# first time a directory user logs in successfully. Who can log in is then
# decided by search_filter / search_base_dns in ldap.toml, so keep those as
# narrow as the deployment allows.
allow_sign_up = true
2 /usr/share/grafana/conf/defaults.ini
# NOTE(review): Grafana's documentation advises against editing defaults.ini;
# it holds the shipped defaults and is replaced on upgrade (and, in a
# container, whenever the container is re-created from the image). The same
# three keys in /etc/grafana/grafana.ini already override these values, so
# this second edit should not be needed - confirm on your version.
[auth.ldap]
enabled = true
config_file = /etc/grafana/ldap.toml
allow_sign_up = true
再修改/etc/grafana/ldap.toml文件
# grep -Ev '^#|^$' ldap.toml
# One [[servers]] entry per LDAP server Grafana should query.
[[servers]]
host = "10.130.161.251"
port = 389
# use_ssl and start_tls are both off, so the bind password below and every
# user's login password cross the network to port 389 unencrypted.
# Where the directory supports it, set start_tls = true (on 389) or
# use_ssl = true (LDAPS, usually port 636) and keep ssl_skip_verify = false
# so the server certificate is actually validated.
use_ssl = false
start_tls = false
ssl_skip_verify = false
# Account Grafana binds with to run the user and group searches.
# NOTE(review): "cn=admin" looks like the directory administrator; a dedicated
# read-only service account is enough for these searches and limits the damage
# if this file leaks.
bind_dn = "cn=admin,dc=soimt,dc=com"
# The password is stored in the file as a literal. Grafana can interpolate
# environment variables in ldap.toml, e.g. "${LDAP_BIND_PASSWORD}" (example
# variable name), which keeps the secret out of the file and out of backups.
# Restrict read access to this file and replace sample passwords like this one.
bind_password = 'admin1234'
# %s is replaced with the user name typed on the login page.
search_filter = "(uid=%s)" # filter expression used to look up the LDAP user
search_base_dns = ["dc=soimt,dc=com"] # base DN(s) under which users are searched
# Used to find the groups a user belongs to; needed for schemas such as
# posixGroup where membership is stored on the group entry (memberUid).
group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))" # filter used to search for the user's groups
group_search_base_dns = ["ou=Grafana,dc=soimt,dc=com"] # base DN(s) under which groups are searched
# Maps LDAP attribute names onto the Grafana user fields.
[servers.attributes]
name = "givenName"
surname = "sn"
username = "uid"
# member_of is set to "cn", so the group's cn (not its full DN) is what gets
# compared with group_dn in the mappings below - which appears to be why the
# bare names "admin", "editor" and "viewer" work here.
member_of = "cn"
email = "mail"
# Group mappings are evaluated in order; the first match for an organisation
# decides the role (per the Grafana LDAP docs - confirm for your version).
[[servers.group_mappings]] # members of the LDAP group "admin" get the Admin role in Grafana
group_dn = "admin"
org_role = "Admin"
# grafana_admin = true additionally grants server-wide Grafana administrator
# rights, so anyone able to change membership of this LDAP group effectively
# controls the Grafana instance. Keep the group small and audited.
grafana_admin = true
[[servers.group_mappings]]
group_dn = "editor"
org_role = "Editor"
[[servers.group_mappings]]
group_dn = "viewer"
org_role = "Viewer"
会自动同步权限
重启grafana
docker restart grafana
然后就可以使用ldap用户登录了。