Grafana 使用SSL加密集成 OpenLDAP

准备grafana相应的权限用户组

图片1

设置ldap配置文件

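LDAP 服务端使用的是自签发证书，Grafana 默认无法校验这类证书：要么在配置中通过 root_ca_cert 指定签发该证书的 CA（或该自签发证书本身），要么用 ssl_skip_verify 跳过校验。跳过校验时连接仍然加密，但不再验证服务器身份，只适合临时测试。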

[root@localhost grafana]# vim ldap.toml
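# NOTE(review): Grafana's documentation enables LDAP debug logging through
# [log] filters in grafana.ini; this table is probably not read from
# ldap.toml. Confirm before relying on it.
[log]
mode = 'console'
#filters = 'ldap:debug'

[[servers]]
# With certificate verification on, this name has to match a name in the
# server certificate.
host = "ldap.sys.com"
port = 10636
# LDAPS: the connection is TLS from the start, so StartTLS stays off.
use_ssl = true
start_tls = false
# Keep verification on. With ssl_skip_verify = true the session is encrypted
# but the server is never authenticated, so anything on the network path can
# pose as the directory and collect the bind password and every user's login.
ssl_skip_verify = false
# Placeholder path: point this at the CA that signed the LDAP certificate, or
# at the self-signed certificate itself, in PEM format.
root_ca_cert = "/path/to/ldap-ca.pem"

# NOTE(review): cn=admin looks like the directory administrator. Grafana only
# needs to search users and groups, so a dedicated read-only bind account
# limits the damage if this file leaks.
bind_dn = "cn=admin,dc=sys,dc=com"
# The password is stored in clear text: restrict this file to the Grafana
# service account. Grafana's documentation also describes reading it from the
# environment, e.g. bind_password = "${LDAP_BIND_PASSWORD}" (variable name
# constructed for this example).
bind_password = 'abc.abc'
timeout = 10

# %s is replaced with the login name typed by the user.
search_filter = "(cn=%s)"
search_base_dns = ["ou=users,dc=sys,dc=com"]

# posixGroup entries list members by uid, so groups are found with a separate
# search keyed on the user's uid attribute.
group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
group_search_base_dns = ["ou=AWS-UAT,ou=grafana,ou=groups,dc=sys,dc=com"]
group_search_filter_user_attribute = "uid"

[servers.attributes]
name = "givenName"
surname = "sn"
username = "cn"
# Groups are matched by their cn, which is why the group_dn values below are
# plain group names rather than full DNs.
member_of = "cn"
email = "mail"

# Members of the admins group get the Admin org role. Whoever can edit this
# group's membership in LDAP can grant Grafana Admin, so restrict write access
# to it in the directory.
[[servers.group_mappings]]
group_dn = "AWS-UAT-Admins"
org_role = "Admin"

# Members of the editors group get the Editor org role.
[[servers.group_mappings]]
group_dn = "grafana-editors"
org_role = "Editor"

# Members of the viewers group get the Viewer org role.
[[servers.group_mappings]]
group_dn = "grafana-viewers"
org_role = "Viewer"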

配置完后重启grafana服务

测试ldap账户登录

图片2
