Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / grafana / 377c14cca0ff1cd5c0b2a292f28b96ee5408273e^! / . / README.rst
commit377c14cca0ff1cd5c0b2a292f28b96ee5408273e[log] [tgz]
authorGuillaume Thouvenin <gthouvenin@mirantis.com>Mon Dec 05 13:11:53 2016 +0100
committerGuillaume Thouvenin <gthouvenin@mirantis.com>Thu Dec 08 17:15:56 2016 +0100
tree1c926c3a00a3aba8e1f2f46de000a9bb579db286
parent884f1a179efa4896a9b63159a4b1043f8d20b29f [diff] [blame]
Add support for LDAP authentication

This patch adds support for LDAP authentication. It also adds support
to manage authorization. It is now possible to enable several kind of
authentication like LDAP and basic auth. So we introduce a new schema
for allowing it:

  auth:
    basic:
      enabled: true
    ldap:
      enabled: true
      [...]

instead of

  auth:
    engine: basic

The former declaration is still valid for basic, anonymous and proxy
authentication.

diff --git a/README.rst b/README.rst
index f806ffe..369b262 100644
--- a/README.rst
+++ b/README.rst

@@ -44,6 +44,83 @@
           user: grafana
           password: passwd
 
+Server installed with LDAP authentication and all authenticated users are
+administrators
+
+.. code-block:: yaml
+
+    grafana:
+      server:
+        enabled: true
+        admin:
+          user: admin
+          password: passwd
+        auth:
+          ldap:
+            enabled: true
+            host: '127.0.0.1'
+            port: 389
+            use_ssl: false
+            bind_dn: "cn=admin,dc=grafana,dc=org"
+            bind_password: "grafana"
+            user_search_filter: "(cn=%s)"
+            user_search_base_dns:
+            - "dc=grafana,dc=org"
+
+Server installed with LDAP and basic authentication
+
+.. code-block:: yaml
+
+    grafana:
+      server:
+        enabled: true
+        admin:
+          user: admin
+          password: passwd
+        auth:
+          basic:
+            enabled: true
+          ldap:
+            enabled: true
+            host: '127.0.0.1'
+            port: 389
+            use_ssl: false
+            bind_dn: "cn=admin,dc=grafana,dc=org"
+            bind_password: "grafana"
+            user_search_filter: "(cn=%s)"
+            user_search_base_dns:
+            - "dc=grafana,dc=org"
+
+Server installed with LDAP for authentication and authorization
+
+.. code-block:: yaml
+
+    grafana:
+      server:
+        enabled: true
+        admin:
+          user: admin
+          password: passwd
+        auth:
+          ldap:
+            enabled: true
+            host: '127.0.0.1'
+            port: 389
+            use_ssl: false
+            bind_dn: "cn=admin,dc=grafana,dc=org"
+            bind_password: "grafana"
+            user_search_filter: "(cn=%s)"
+            user_search_base_dns:
+            - "dc=grafana,dc=org"
+            group_search_filter: "(&(objectClass=posixGroup)(memberUid=%s))"
+            group_search_base_dns:
+            - "ou=groups,dc=grafana,dc=org"
+            authorization:
+              enabled: true
+              admin_group: "admins"
+              editor_group: "editors"
+              viewer_group: "viewers"
+
 Server installed with default StackLight JSON dashboards. This will
 be replaced by the possibility for a service to provide its own dashboard
 using salt-mine.