Skip to content

N
nexpie-grafana-theme
Commit 23a941e8 by Oleg Gaidarenko Committed by Torkel Ödegaard
Options

Docs: Example for multiple LDAP servers (#17216) 

Fixes #16898
parent 7df4d635
Showing with 63 additions and 0 deletions
docs/sources/auth/ldap.md
...@@ -215,6 +215,67 @@ email = "email" ...@@ -215,6 +215,67 @@ email = "email"
# [[servers.group_mappings]] omitted for clarity # [[servers.group_mappings]] omitted for clarity
``` ```
### Multiple LDAP servers
Grafana does support receiving information from multiple LDAP servers.
**LDAP specific configuration file (ldap.toml):**
```bash
# --- First LDAP Server ---
[[servers]]
host = "10.0.0.1"
port = 389
use_ssl = false
start_tls = false
ssl_skip_verify = false
bind_dn = "cn=admin,dc=grafana,dc=org"
bind_password = 'grafana'
search_filter = "(cn=%s)"
search_base_dns = ["ou=users,dc=grafana,dc=org"]
[servers.attributes]
name = "givenName"
surname = "sn"
username = "cn"
member_of = "memberOf"
email = "email"
[[servers.group_mappings]]
group_dn = "cn=admins,ou=groups,dc=grafana,dc=org"
org_role = "Admin"
grafana_admin = true
# --- Second LDAP Server ---
[[servers]]
host = "10.0.0.2"
port = 389
use_ssl = false
start_tls = false
ssl_skip_verify = false
bind_dn = "cn=admin,dc=grafana,dc=org"
bind_password = 'grafana'
search_filter = "(cn=%s)"
search_base_dns = ["ou=users,dc=grafana,dc=org"]
[servers.attributes]
name = "givenName"
surname = "sn"
username = "cn"
member_of = "memberOf"
email = "email"
[[servers.group_mappings]]
group_dn = "cn=editors,ou=groups,dc=grafana,dc=org"
org_role = "Editor"
[[servers.group_mappings]]
group_dn = "*"
org_role = "Viewer"
```
### Active Directory ### Active Directory
[Active Directory](https://technet.microsoft.com/en-us/library/hh831484(v=ws.11).aspx) is a directory service which is commonly used in Windows environments. [Active Directory](https://technet.microsoft.com/en-us/library/hh831484(v=ws.11).aspx) is a directory service which is commonly used in Windows environments.
...@@ -247,6 +308,8 @@ email = "mail" ...@@ -247,6 +308,8 @@ email = "mail"
# [[servers.group_mappings]] omitted for clarity # [[servers.group_mappings]] omitted for clarity
``` ```
#### Port requirements #### Port requirements
In above example SSL is enabled and an encrypted port have been configured. If your Active Directory don't support SSL please change `enable_ssl = false` and `port = 389`. In above example SSL is enabled and an encrypted port have been configured. If your Active Directory don't support SSL please change `enable_ssl = false` and `port = 389`.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment