nexpie-grafana-theme (Kornkitt Poolsup)
Commit 13d9acb1, authored Jan 13, 2019 by Daniel Lee, committed by Leonard Gram Feb 08, 2019
ldap: adds docker block for freeipa
parent 0bd39e54
Showing 4 changed files with 161 additions and 0 deletions (+161 -0)
.gitignore (+1 -0)
devenv/docker/blocks/freeipa/docker-compose.yaml (+54 -0)
devenv/docker/blocks/freeipa/ldap_freeipa.toml (+74 -0)
devenv/docker/blocks/freeipa/notes.md (+32 -0)
.gitignore
@@ -46,6 +46,7 @@ devenv/docker-compose.yaml
/conf/provisioning/**/custom.yaml
/conf/provisioning/**/dev.yaml
/conf/ldap_dev.toml
/conf/ldap_freeipa.toml
profile.cov
/grafana
/local
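Review bot: the new `/conf/ldap_freeipa.toml` entry only ignores the copy that notes.md tells users to place under `conf/`; the source file `devenv/docker/blocks/freeipa/ldap_freeipa.toml` added in this same commit stays tracked and carries the bind password `Secret123` in clear text, which is acceptable for a throwaway dev block but worth stating in notes.md so nobody reuses the file as a template for a real deployment. Placing the entry directly after `/conf/ldap_dev.toml` keeps the pattern consistent with the existing dev block.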
devenv/docker/blocks/freeipa/docker-compose.yaml
0 → 100644
version
:
'
3'
volumes
:
freeipa_data
:
{}
services
:
freeipa
:
image
:
freeipa/freeipa-server:fedora-29
container_name
:
freeipa
stdin_open
:
true
tty
:
true
sysctls
:
-
net.ipv6.conf.all.disable_ipv6=0
hostname
:
ipa.example.test
environment
:
# - DEBUG_TRACE=1
-
IPA_SERVER_IP=172.17.0.2
-
DEBUG_NO_EXIT=1
-
IPA_SERVER_HOSTNAME=ipa.example.test
-
PASSWORD=Secret123
-
HOSTNAME=ipa.example.test
command
:
-
--admin-password=Secret123
-
--ds-password=Secret123
-
-U
-
--realm=EXAMPLE.TEST
ports
:
# FreeIPA WebUI
-
"
80:80"
-
"
443:443"
# Kerberos
-
"
88:88/udp"
-
"
88:88"
-
"
464:464/udp"
-
"
464:464"
# LDAP
-
"
389:389"
-
"
636:636"
# DNS
# - "53:53/udp"
# - "53:53"
# NTP
-
"
123:123/udp"
# other
-
"
7389:7389"
-
"
9443:9443"
-
"
9444:9444"
-
"
9445:9445"
tmpfs
:
-
/run
-
/tmp
volumes
:
-
freeipa_data:/data:Z
-
/sys/fs/cgroup:/sys/fs/cgroup:ro
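Review bot: the `ports` list publishes 80, 443, 88, 464, 389, 636, 123 and 7389/9443-9445 on every host interface, so `docker-compose up` fails on any machine where something already listens on 80/443 or 389, and it exposes a dev IPA server whose admin password is `Secret123` beyond the local host; binding the mappings to loopback (e.g. `"127.0.0.1:389:389"`) avoids both. `IPA_SERVER_IP=172.17.0.2` also hardcodes the first address on the default `docker0` bridge and breaks as soon as another container starts first or a custom network is used; a comment explaining that assumption (ldap_freeipa.toml in this commit points Grafana at the `docker0` gateway `172.17.0.1` and relies on the `389:389` mapping) would help. The `/sys/fs/cgroup:/sys/fs/cgroup:ro` mount, the `tmpfs` entries and the IPv6 sysctl are requirements of the freeipa-server image and deserve a one-line comment too.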
devenv/docker/blocks/freeipa/ldap_freeipa.toml
0 → 100644
# To troubleshoot and get more log info enable ldap debug logging in grafana.ini
# [log]
# filters = ldap:debug
[[servers]]
# Ldap server host (specify multiple hosts space separated)
host
=
"172.17.0.1"
# Default port is 389 or 636 if use_ssl = true
port
=
389
# Set to true if ldap server supports TLS
use_ssl
=
false
# Set to true if connect ldap server with STARTTLS pattern (create connection in insecure, then upgrade to secure connection with TLS)
start_tls
=
false
# set to true if you want to skip ssl cert validation
ssl_skip_verify
=
false
# set to the path to your root CA certificate or leave unset to use system defaults
# root_ca_cert = "/path/to/certificate.crt"
# Search user bind dn
bind_dn
=
"uid=admin,cn=users,cn=accounts,dc=example,dc=test"
# Search user bind password
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
bind_password
=
'Secret
123
'
# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
search_filter
=
"(uid=%s)"
# An array of base dns to search through
search_base_dns
=
["cn=users,cn=accounts,dc=example,dc=test"]
# In POSIX LDAP schemas, without memberOf attribute a secondary query must be made for groups.
# This is done by enabling group_search_filter below. You must also set member_of= "cn"
# in [servers.attributes] below.
# Users with nested/recursive group membership and an LDAP server that supports LDAP_MATCHING_RULE_IN_CHAIN
# can set group_search_filter, group_search_filter_user_attribute, group_search_base_dns and member_of
# below in such a way that the user's recursive group membership is considered.
#
# Nested Groups + Active Directory (AD) Example:
#
# AD groups store the Distinguished Names (DNs) of members, so your filter must
# recursively search your groups for the authenticating user's DN. For example:
#
# group_search_filter = "(member:1.2.840.113556.1.4.1941:=%s)"
# group_search_filter_user_attribute = "distinguishedName"
# group_search_base_dns = ["ou=groups,dc=grafana,dc=org"]
#
# [servers.attributes]
# ...
# member_of = "distinguishedName"
## Group search filter, to retrieve the groups of which the user is a member (only set if memberOf attribute is not available)
# group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
## Group search filter user attribute defines what user attribute gets substituted for %s in group_search_filter.
## Defaults to the value of username in [server.attributes]
## Valid options are any of your values in [servers.attributes]
## If you are using nested groups you probably want to set this and member_of in
## [servers.attributes] to "distinguishedName"
# group_search_filter_user_attribute = "distinguishedName"
## An array of the base DNs to search through for groups. Typically uses ou=groups
# group_search_base_dns = ["ou=groups,dc=grafana,dc=org"]
# Specify names of the ldap attributes your ldap uses
[servers.attributes]
name
=
"givenName"
username
=
"uid"
member_of
=
"memberOf"
# surname = "sn"
# email = "mail"
[[servers.group_mappings]]
# If you want to match all (or no ldap groups) then you can use wildcard
group_dn
=
"*"
org_role
=
"Viewer"
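Review bot: `use_ssl = false` with `port = 389` sends the `uid=admin,cn=users,cn=accounts,dc=example,dc=test` bind and its password `Secret123` over plain LDAP, and the bind account is the IPA administrator itself; since docker-compose.yaml already publishes 636, the block could default to `use_ssl = true` (with `root_ca_cert` pointing at the IPA CA certificate, or `ssl_skip_verify = true` for local testing only) and a dedicated read-only bind user, which is what any config copied from this file would need anyway. Minor: the comment `## Defaults to the value of username in [server.attributes]` should read `[servers.attributes]` to match the section name used below, and `group_dn = "*"` mapping every directory user to `Viewer` is fine for a dev block but worth a comment.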
devenv/docker/blocks/freeipa/notes.md
0 → 100644
# Notes on FreeIPA LDAP Docker Block
Users have to be created manually. The docker-compose up command takes a few minutes to run.
## Create a user
`docker exec -it freeipa /bin/bash`
To create a user with username:
`ldap-viewer`
and password:
`grafana123`
```
bash
kinit admin
```
Log in with password
`Secret123`
```
bash
ipa user-add ldap-viewer
--first
ldap
--last
viewer
ipa passwd ldap-viewer
ldappasswd
-D
uid
=
ldap-viewer,cn
=
users,cn
=
accounts,dc
=
example,dc
=
org
-w
test
-a
test
-s
grafana123
```
## Enabling FreeIPA LDAP in Grafana
Copy the ldap_freeipa.toml file in this folder into your
`conf`
folder (it is gitignored already). To enable it in the .ini file to get Grafana to use this block:
```
ini
[auth.ldap]
enabled
=
true
config_file
=
conf/ldap_freeipa.toml
; allow_sign_up = true
```
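Review bot: the `ldappasswd -D` DN in the "Create a user" block ends in `dc=example,dc=org`, but the container is installed with `--realm=EXAMPLE.TEST` and ldap_freeipa.toml searches `cn=users,cn=accounts,dc=example,dc=test`, so the command as written targets a DN that does not exist; it should be `uid=ldap-viewer,cn=users,cn=accounts,dc=example,dc=test`. The sequence also relies on an unstated step: `ipa passwd ldap-viewer` prompts for a password, and it must be `test` for the following `ldappasswd -w test -a test -s grafana123` (which replaces that initial password with `grafana123`) to succeed; the notes should say so. The `kinit admin` line needs the `Secret123` password that follows it, so folding "Log in with password `Secret123`" into the preceding sentence would read more clearly.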