author | Alex Auvolat <alex@adnab.me> | 2022-10-16 18:12:57 +0200 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2022-10-16 18:12:57 +0200 |
commit | 5613ed99086618b91441d84620bdbe27a94ad1d2 (patch) | |
tree | 304f247c4099a430a29f6d44f5f41172a2c50a7d /cluster/prod/app/telemetry/config/grafana-ldap.toml | |
parent | 42409de1b1638f5d935831dc66ddff9a1d9ba29d (diff) | |
Complete telemetry configuration
Diffstat (limited to 'cluster/prod/app/telemetry/config/grafana-ldap.toml')
-rw-r--r-- | cluster/prod/app/telemetry/config/grafana-ldap.toml | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/cluster/prod/app/telemetry/config/grafana-ldap.toml b/cluster/prod/app/telemetry/config/grafana-ldap.toml
new file mode 100644
index 0000000..31cf18a
--- /dev/null
+++ b/cluster/prod/app/telemetry/config/grafana-ldap.toml
@@ -0,0 +1,49 @@
+[[servers]]
+# Ldap server host (specify multiple hosts space separated)
+host = "bottin.service.prod.consul"
+# Default port is 389 or 636 if use_ssl = true
+port = 389
+# Set to true if LDAP server should use an encrypted TLS connection (either with STARTTLS or LDAPS)
+use_ssl = false
+# If set to true, use LDAP with STARTTLS instead of LDAPS
+start_tls = false
+# set to true if you want to skip SSL cert validation
+ssl_skip_verify = false
+# set to the path to your root CA certificate or leave unset to use system defaults
+# root_ca_cert = "/path/to/certificate.crt"
+# Authentication against LDAP servers requiring client certificates
+# client_cert = "/path/to/client.crt"
+# client_key = "/path/to/client.key"
+
+# Search user bind dn
+bind_dn = "cn=grafana,ou=services,ou=users,dc=deuxfleurs,dc=fr"
+# Search user bind password
+# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
+bind_password = "{{ key "secrets/telemetry/grafana/grafana_ldap_password" | trimSpace }}"
+
+# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
+# Allow login from email or username, example "(|(sAMAccountName=%s)(userPrincipalName=%s))"
+search_filter = "(cn=%s)"
+
+# An array of base dns to search through
+search_base_dns = ["ou=users,dc=deuxfleurs,dc=fr"]
+
+# group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
+# group_search_filter_user_attribute = "distinguishedName"
+# group_search_base_dns = ["ou=groups,dc=grafana,dc=org"]
+
+[[servers.group_mappings]]
+group_dn = "cn=admin,ou=groups,dc=deuxfleurs,dc=fr"
+org_role = "Admin"
+grafana_admin = true
+
+[[servers.group_mappings]]
+group_dn = "*"
+org_role = "Viewer"
+
+# Specify names of the LDAP attributes your LDAP uses
+[servers.attributes]
+member_of = "memberof"
+email = "mail"
+username = "cn"
+uid = "cn" |
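Review bot: With `use_ssl = false` and `start_tls = false` on port 389, the `cn=grafana` bind password and every password typed at the Grafana login are sent to bottin in cleartext, unless the link between the two is encrypted at another layer, which this file does not show. If bottin offers TLS, set `use_ssl = true` with `start_tls = true` (or LDAPS on port 636) and point `root_ca_cert` at the issuing CA, keeping `ssl_skip_verify = false`. Separately, the `group_dn = "*"` mapping grants Viewer to any entry that authenticates under `search_base_dns = ["ou=users,dc=deuxfleurs,dc=fr"]`, and the bind DN shows that `ou=services` sits inside that subtree, so service accounts appear able to log in too. Narrowing the search base or replacing the wildcard with a named group would limit that. A comment above `bind_password` such as `# rendered from Consul KV at deploy time; the secret must not contain " or \` would document the template's quoting constraint.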