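Grafana has supported LDAP integration for unified user login authentication since version 2.1. LDAP is not enabled by default, so the configuration has to be changed manually to support it. Configure it with reference to the official documentation, Grafana LDAP Authentication.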
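- Enable LDAP authentication in Grafana's main configuration file, grafana.ini

```
vim /etc/grafana/grafana.ini
```

```ini
[auth.ldap]
enabled = true
config_file = /etc/grafana/ldap.toml
# Create a Grafana account automatically on a user's first successful LDAP login
allow_sign_up = true
```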
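- LDAP configuration (ldap.toml)

```toml
[[servers]]
host = "10.10.10.10"
port = 389
# With use_ssl and start_tls both false, binds and user passwords cross the network unencrypted
use_ssl = false
start_tls = false
ssl_skip_verify = false
# Account Grafana binds as in order to search for users
bind_dn = "cn=ldapadmin,cn=Users,dc=hi,dc=local"
bind_password = 'xxxxxx'
# %s is replaced with the login name the user enters
search_filter = "(cn=%s)"
search_base_dns = ["dc=hi,dc=local"]

# LDAP attributes mapped to Grafana user fields
[servers.attributes]
name = "givenName"
surname = "sn"
username = "cn"
member_of = "memberOf"
email = "email"

# LDAP groups mapped to Grafana organization roles
[[servers.group_mappings]]
group_dn = "cn=admins,dc=grafana,dc=org"
org_role = "Admin"

[[servers.group_mappings]]
group_dn = "cn=users,dc=grafana,dc=org"
org_role = "Editor"

# "*" matches any user, so everyone else becomes a Viewer
[[servers.group_mappings]]
group_dn = "*"
org_role = "Viewer"
```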
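- Check the LDAP connection

If ldap.toml is configured correctly, Grafana's Server Admin page shows the LDAP connection status and lets you test user mappings. Only Grafana administrators (admin) can do this.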
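
A hardened variant of the ldap.toml server block above, as an added example that is not from the original post or the Grafana project. It assumes the directory server accepts STARTTLS on port 389 and populates `memberOf`; the CA file path `/etc/grafana/ldap-ca.crt` and the environment variable name `LDAP_BIND_PASSWORD` are hypothetical.

```toml
[[servers]]
# Assumption: the server certificate covers this address; otherwise use the DNS name it was issued for
host = "10.10.10.10"
port = 389
# use_ssl must be true for Grafana to use TLS at all; start_tls then selects STARTTLS instead of LDAPS
use_ssl = true
start_tls = true
# Keep certificate verification on and pin the directory's CA (hypothetical path)
ssl_skip_verify = false
root_ca_cert = "/etc/grafana/ldap-ca.crt"

bind_dn = "cn=ldapadmin,cn=Users,dc=hi,dc=local"
# Interpolated from the environment so the password is not stored in the file (hypothetical variable name)
bind_password = "${LDAP_BIND_PASSWORD}"

# Only members of the two mapped groups are found by the search, so only they can log in
search_filter = "(&(cn=%s)(|(memberOf=cn=admins,dc=grafana,dc=org)(memberOf=cn=users,dc=grafana,dc=org)))"
search_base_dns = ["dc=hi,dc=local"]

[servers.attributes]
name = "givenName"
surname = "sn"
username = "cn"
member_of = "memberOf"
email = "email"

[[servers.group_mappings]]
group_dn = "cn=admins,dc=grafana,dc=org"
org_role = "Admin"

[[servers.group_mappings]]
group_dn = "cn=users,dc=grafana,dc=org"
org_role = "Editor"
```

The wildcard `"*"` mapping is left out here, so `allow_sign_up = true` no longer creates a Viewer account for every entry in the directory.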
Source: oschina
Link: https://my.oschina.net/u/4406496/blog/4277211