由 dawei
Grafana从2.1开始支持LDAP集成LDAP的统一用户登录认证。默认是LDAP是未启用,需手动更改配置使之能支持LDAP。在参考官方文档Grafana LDAP Authentication进行配置。
ASP站长网Grafana主配置文件grafana.ini中开启LDAP认证
vim /etc/grafana/grafana.ini
[auth.ldap]
enabled = true
config_file = /etc/grafana/ldap.toml
allow_sign_up = true
LDAP配置/ldap.toml
[[servers]]
host = "10.10.10.10"
port = 389
use_ssl = false
start_tls = false
ssl_skip_verify = false
bind_dn = "cn=ldapadmin,cn=Users,dc=hi,dc=local"
bind_password = 'xxxxxx'
search_filter = "(cn=%s)"
search_base_dns = ["dc=hi,dc=local"]
[servers.attributes]
name = "givenName"
surname = "sn"
username = "cn"
member_of = "memberOf"
email = "email"
[[servers.group_mappings]]
group_dn = "cn=admins,dc=grafana,dc=org"
org_role = "Admin"
[[servers.group_mappings]]
group_dn = "cn=users,dc=grafana,dc=org"
org_role = "Editor"
[[servers.group_mappings]]
group_dn = "*"
org_role = "Viewer"
查看LDAP连接
如果ldap.toml配置正确无误,Grafana可在Server Admin查看LDAP连接情况和测试用户映射。但仅限admin管理员操作。