path: root/kubernetes/namespaces/monitoring/grafana/configmap-ldap-toml.yaml
# Grafana LDAP settings, shipped as the file grafana-ldap.toml in a ConfigMap
# in the monitoring namespace.
#
# Review notes on the embedded TOML:
# - Transport: LDAPS to port 636 (use_ssl = true, start_tls = false), trusting
#   the CA at root_ca_cert. Nothing in this manifest mounts that PEM file, so
#   it has to come from the Grafana workload definition. ssl_skip_verify is
#   not set; leave it that way so the CA check stays in force.
# - Bind secret: bind_password is the placeholder ${LDAP_GRAFANA_PASSWORD},
#   so no credential is stored in this ConfigMap. Presumably the variable is
#   injected from a Secret into the Grafana container -- verify.
# - Authorisation (all mappings target org_id 2): cn=devops gets org role
#   Admin plus grafana_admin = true, i.e. server-wide admin rather than
#   org-scoped; cn=administrators gets Editor; group_dn = "*" gives Viewer
#   to every account that authenticates under search_base_dns.
# - The "*" mapping plus a search base of all cn=users means directory
#   membership alone grants Viewer access to org 2. If that is too broad,
#   restrict search_filter (e.g. with a memberOf clause) or drop the
#   wildcard mapping.
# - NOTE(review): mappings are listed most- to least-privileged. Some Grafana
#   versions apply the first matching mapping per org, so keep "*" last --
#   confirm against the deployed version.
apiVersion: v1
kind: ConfigMap
metadata:
  name: grafana-ldap-toml
  namespace: monitoring
data:
  # The value is TOML handed to Grafana as a literal block scalar: the '#'
  # lines below this key are TOML comments and part of the data, not YAML
  # comments.
  grafana-ldap.toml: |
    [[servers]]
    # Ldap server host (specify multiple hosts space separated)
    host = "ldap01.box.pydis.wtf"
    # Default port is 389 or 636 if use_ssl = true
    port = 636
    # Set to true if LDAP server should use an encrypted TLS connection (either with STARTTLS or LDAPS)
    use_ssl = true
    # If set to true, use LDAP with STARTTLS instead of LDAPS
    start_tls = false

    root_ca_cert = "/opt/ipa-ca/pydis-ipa-cert.pem"

    # Search user bind dn
    bind_dn = "uid=grafana,cn=users,cn=accounts,dc=box,dc=pydis,dc=wtf"
    bind_password = "${LDAP_GRAFANA_PASSWORD}"

    timeout = 10

    # Allow login using both username or username@email
    search_filter = "(|(uid=%s)(mail=%s))"

    search_base_dns = ["cn=users,cn=accounts,dc=box,dc=pydis,dc=wtf"]

    [servers.attributes]
    member_of = "memberOf"
    email =  "mail"
    username = "uid"
    name = "displayName"

    [[servers.group_mappings]]
    group_dn = "cn=devops,cn=groups,cn=accounts,dc=box,dc=pydis,dc=wtf"
    org_role = "Admin"
    org_id = 2
    grafana_admin = true

    [[servers.group_mappings]]
    group_dn = "cn=administrators,cn=groups,cn=accounts,dc=box,dc=pydis,dc=wtf"
    org_id = 2
    org_role = "Editor"

    [[servers.group_mappings]]
    group_dn = "*"
    org_id = 2
    org_role = "Viewer"