vi /etc/grafana/grafana.ini (文件不一定是这个噢,看自己启动服务的配置文件)
修改配置:
[auth.ldap]
enabled = true
config_file = /etc/grafana/ldap.toml (文件路径不一定是这个噢,看自己的配置文件路径)
allow_sign_up = true
vi /etc/grafana/ldap.toml (同上面配置的config_file)
修改配置:
verbose_logging = true
[[servers]]
host = XXXX //公司内部ldaphost
port = XXXX //公司内部ldapport
use_ssl = false
ssl_skip_verify = false
bind_dn = "CN=XXXX,OU=XXXX,OU=XXXX,DC=XXXX,DC=com"
bind_password = XXXX
search_filter = "(sAMAccountName=%s)"
search_base_dns = ["OU=XXXX,OU=XXXX,DC=XXXX,DC=XXXX"]
[servers.attributes]
name = "givenName"
surname = "sn"
username = "sAMAccountName"
member_of = "memberOf"
email = "mail"
[[servers.group_mappings]]
group_dn = "CN=XXXX,OU=User Group,OU=XXXX,DC=XXXX,DC=com"
org_role = "Admin"
[[servers.group_mappings]]
group_dn = "*"
org_role = "Viewer" //根据自己的需求定义角色
注意:XXXX根据自己公司ldap的配置填写
ldap我也不太懂,大家自己可以研究下