authorAlex Auvolat <alex@adnab.me>2022-10-16 18:12:57 +0200
committerAlex Auvolat <alex@adnab.me>2022-10-16 18:12:57 +0200
commit5613ed99086618b91441d84620bdbe27a94ad1d2 (patch)
tree304f247c4099a430a29f6d44f5f41172a2c50a7d /cluster/prod/app/telemetry/config/grafana-ldap.toml
parent42409de1b1638f5d935831dc66ddff9a1d9ba29d (diff)
Complete telemetry configuration
Diffstat (limited to 'cluster/prod/app/telemetry/config/grafana-ldap.toml')
-rw-r--r--cluster/prod/app/telemetry/config/grafana-ldap.toml49
1 files changed, 49 insertions, 0 deletions
diff --git a/cluster/prod/app/telemetry/config/grafana-ldap.toml b/cluster/prod/app/telemetry/config/grafana-ldap.toml
new file mode 100644
index 0000000..31cf18a
--- /dev/null
+++ b/cluster/prod/app/telemetry/config/grafana-ldap.toml
@@ -0,0 +1,49 @@
+[[servers]]
+# Ldap server host (specify multiple hosts space separated)
+host = "bottin.service.prod.consul"
+# Default port is 389 or 636 if use_ssl = true
+port = 389
+# Set to true if LDAP server should use an encrypted TLS connection (either with STARTTLS or LDAPS)
+use_ssl = false
+# If set to true, use LDAP with STARTTLS instead of LDAPS
+start_tls = false
+# set to true if you want to skip SSL cert validation
+ssl_skip_verify = false
+# set to the path to your root CA certificate or leave unset to use system defaults
+# root_ca_cert = "/path/to/certificate.crt"
+# Authentication against LDAP servers requiring client certificates
+# client_cert = "/path/to/client.crt"
+# client_key = "/path/to/client.key"
+
+# Search user bind dn
+bind_dn = "cn=grafana,ou=services,ou=users,dc=deuxfleurs,dc=fr"
+# Search user bind password
+# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
+bind_password = "{{ key "secrets/telemetry/grafana/grafana_ldap_password" | trimSpace }}"
+
+# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
+# Allow login from email or username, example "(|(sAMAccountName=%s)(userPrincipalName=%s))"
+search_filter = "(cn=%s)"
+
+# An array of base dns to search through
+search_base_dns = ["ou=users,dc=deuxfleurs,dc=fr"]
+
+# group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
+# group_search_filter_user_attribute = "distinguishedName"
+# group_search_base_dns = ["ou=groups,dc=grafana,dc=org"]
+
+[[servers.group_mappings]]
+group_dn = "cn=admin,ou=groups,dc=deuxfleurs,dc=fr"
+org_role = "Admin"
+grafana_admin = true
+
+[[servers.group_mappings]]
+group_dn = "*"
+org_role = "Viewer"
+
+# Specify names of the LDAP attributes your LDAP uses
+[servers.attributes]
+member_of = "memberof"
+email = "mail"
+username = "cn"
+uid = "cn"
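Review bot: The `[[servers]]` entry connects to `bottin.service.prod.consul` on port 389 with `use_ssl = false` and `start_tls = false`, so the service-account bind password and every user's login password cross the network unencrypted unless something not visible in this file (a private overlay or mesh, for example) protects the link. If the directory server supports STARTTLS on 389, set `use_ssl = true` and `start_tls = true` and keep `ssl_skip_verify = false`; otherwise add a comment above `use_ssl` naming what secures the transport. The `group_dn = "*"` mapping grants Viewer to every entry that can authenticate under `ou=users,dc=deuxfleurs,dc=fr`, which appears to include service accounts under `ou=services`; a comment such as `# any LDAP account may view dashboards; narrow to a group DN if that is not intended` would make the choice explicit. The templated `bind_password` is rendered inside a basic string, so a secret containing `"` or `\` would yield invalid or altered TOML; the file's own comment about triple quotes suggests wrapping the template accordingly.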