Commit 31d29054 by Oleg Gaidarenko Committed by Leonard Gram

LDAP:Docs: add information on LDAP sync feature and update LDAP sync default (#17689)

* Docs: for LDAP active sync feature
parent 335cec07
......@@ -394,8 +394,9 @@ enabled = false
config_file = /etc/grafana/ldap.toml
allow_sign_up = true
# LDAP background sync (Enterprise only)
sync_cron = @hourly
# LDAP backround sync (Enterprise only)
# At 1 am every day
sync_cron = "0 0 1 * * *"
active_sync_enabled = false
#################################### SMTP / Emailing #####################
......
......@@ -41,3 +41,25 @@ a user as member of a team and it will not be removed when the user signs in. Th
5. Click on `Add group` button to save.
<div class="clearfix"></div>
## Active LDAP Synchronization
In the open source version of Grafana, user data from LDAP will be synchronized only during the login process when authenticating using LDAP.
With this feature you can configure Grafana to actively sync users with LDAP server(s) in the background. Role and team membership will be updated, removed users will be disabled and logged out. Only users that have logged into Grafana at least once will be synchronized.```
```bash
[auth.ldap]
...
# You can use the Cron syntax or several predefined schedulers -
# @yearly (or @annually) | Run once a year, midnight, Jan. 1st | 0 0 0 1 1 *
# @monthly | Run once a month, midnight, first of month | 0 0 0 1 * *
# @weekly | Run once a week, midnight between Sat/Sun | 0 0 0 * * 0
# @daily (or @midnight) | Run once a day, midnight | 0 0 0 * * *
# @hourly | Run once an hour, beginning of hour | 0 0 * * * *
sync_cron = "@hourly"
# This cron expression format uses 6 space-separated fields (including seconds), for example
# sync_cron = "* */10 * * * *"
# This will run the LDAP Synchronization every 10th minute, which is also the minimal interval between the grafana sync times i.e. you cannot set it for every 9th minute
```
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment