crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

More scotch to fix ldap

certbot_on_virtu
Alexandre Iooss 2021-01-05 19:26:03 +01:00
parent 648a35a36b
commit b7f64f33ac
No known key found for this signature in database
GPG Key ID: 6C79278F3FCDCC02
1 changed files with 8 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
roles/grafana/templates/ldap.toml.j2
View File

@ -13,7 +13,7 @@ use_ssl = true
# Set to true if connect ldap server with STARTTLS pattern (create connection in insecure, then upgrade to secure connection with TLS) # Set to true if connect ldap server with STARTTLS pattern (create connection in insecure, then upgrade to secure connection with TLS)
start_tls = false start_tls = false
# set to true if you want to skip ssl cert validation # set to true if you want to skip ssl cert validation
ssl_skip_verify = false ssl_skip_verify = true
# set to the path to your root CA certificate or leave unset to use system defaults # set to the path to your root CA certificate or leave unset to use system defaults
# root_ca_cert = "/path/to/certificate.crt" # root_ca_cert = "/path/to/certificate.crt"
# Authentication against LDAP servers requiring client certificates # Authentication against LDAP servers requiring client certificates
@ -21,13 +21,13 @@ ssl_skip_verify = false
# client_key = "/path/to/client.key" # client_key = "/path/to/client.key"
# Search user bind dn # Search user bind dn
bind_dn = "{{ grafana.ldap_bind_dn }}" bind_dn = "uid=%s,{{ ldap_user_tree }}"
# Search user bind password # Search user bind password
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;""" # If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
bind_password = '{{ grafana.ldap_passwd }}' #bind_password = ''
# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)" # User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
search_filter = "(cn=%s)" search_filter = "(uid=%s)"
# An array of base dns to search through # An array of base dns to search through
search_base_dns = ["{{ ldap_user_tree }}"] search_base_dns = ["{{ ldap_user_tree }}"]
@ -35,15 +35,14 @@ search_base_dns = ["{{ ldap_user_tree }}"]
## For Posix or LDAP setups that does not support member_of attribute you can define the below settings ## For Posix or LDAP setups that does not support member_of attribute you can define the below settings
## Please check grafana LDAP docs for examples ## Please check grafana LDAP docs for examples
group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))" group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
group_search_base_dns = ["ou=posix,ou=groups,{{ ldap_base }}"] group_search_base_dns = ["ou=group,{{ ldap_base }}"]
group_search_filter_user_attribute = "cn" group_search_filter_user_attribute = "cn"
# Specify names of the ldap attributes your ldap uses # Specify names of the ldap attributes your ldap uses
[servers.attributes] [servers.attributes]
name = "sn" name = "givenName"
surname = "" surname = "sn"
username = "cn" username = "uid"
member_of = "dn"
email = "mail" email = "mail"
# All LDAP members can edit # All LDAP members can edit