Skip to content
Snippets Groups Projects
Verified Commit 830afd15 authored by ynerant's avatar ynerant
Browse files

[grafana] More power! 


Signed-off-by: ynerant's avatarYohann D'ANELLO <ynerant@crans.org>
parent da70cc48
Hide whitespace changes
Inline Side-by-side
group_vars/grafana.yml
+ 4
0
View file @ 830afd15
......@@ -4,6 +4,10 @@ glob_grafana:
ldap_base: "{{ glob_ldap.base }}"
ldap_master_ipv4: "{{ glob_ldap.servers[0] }}"
ldap_user_tree: "ou=passwd,{{ glob_ldap.base }}"
ldap_group_tree: "ou=group,{{ glob_ldap.base }}"
ldap_group_filter: "uid"
ldap_group_admin: "cn=_nounou,ou=group,{{ glob_ldap.base }}"
ldap_group_editor: "*" # Everyone is editor
logos:
- which: crans_logo_white_small.svg
......
roles/grafana/templates/ldap.toml.j2
+ 9
3
View file @ 830afd15
......@@ -31,8 +31,8 @@ search_base_dns = ["ou=passwd,dc=crans,dc=org"]
## For Posix or LDAP setups that does not support member_of attribute you can define the below settings
## Please check grafana LDAP docs for examples
group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
group_search_base_dns = ["ou=group,{{ grafana.ldap_base }}"]
group_search_filter_user_attribute = "cn"
group_search_base_dns = ["{{ grafana.ldap_group_tree }}"]
group_search_filter_user_attribute = "{{ grafana.ldap_group_filter }}"
# Specify names of the ldap attributes your ldap uses
[servers.attributes]
......@@ -41,7 +41,13 @@ surname = "sn"
username = "uid"
email = "mail"
# Nounous can administrate
[[servers.group_mappings]]
group_dn = "{{ grafana.ldap_group_admin }}"
org_role = "Admin"
grafana_admin = true
# All LDAP members can edit
[[servers.group_mappings]]
group_dn = "*"
group_dn = "{{ grafana.ldap_group_editor }}"
org_role = "Editor"
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment