mirror of https://github.com/grafana/grafana
Devenv: Fix openldap-multiple dev environment (#75013)
Gabriel MABILLE
2 years ago
committed by
GitHub
parent
ab75fbd009
commit
4280e31239
@ -0,0 +1,50 @@ |
||||
# OpenLDAP-Multiple Docker Block |
||||
|
||||
This Docker block uses `osixia/openldap` image and should work for Apple's ARM chip. |
||||
Instead of launching solely 1 openldap server, it launches two. |
||||
|
||||
## Deployment |
||||
|
||||
First build and deploy the `openldap` containers. |
||||
|
||||
```bash |
||||
make devenv sources=auth/openldap-multiple |
||||
``` |
||||
|
||||
### Exposed ports |
||||
|
||||
The first container will expose port `389` and `636`. |
||||
The second container will expose port `1389` and `1636`. |
||||
|
||||
### Background services |
||||
|
||||
The `osixia/openldap` container will update the database with any `*.ldif` file changes inside `./prepopulate` and the `./modules` folder. Remember to rebuild the `devenv` to apply any changes. |
||||
|
||||
## Grafana configuration changes |
||||
|
||||
The following changes are needed at Grafana's configuration file. |
||||
|
||||
```ini |
||||
[auth.ldap] |
||||
enabled = true |
||||
config_file = ./devenv/docker/blocks/auth/openldap-multiple/ldap_dev.toml |
||||
``` |
||||
|
||||
## Available users and groups |
||||
|
||||
### Srv1 (dc=srv1-grafana,dc=org) |
||||
- admins |
||||
- ldap-admin-srv1 |
||||
- editors |
||||
- ldap-editor-srv1 |
||||
- no groups |
||||
- ldap-viewer-srv1 |
||||
|
||||
## Srv2 (dc=srv2-grafana,dc=org) |
||||
|
||||
- admins |
||||
- ldap-admin-srv2 |
||||
- editors |
||||
- ldap-editor-srv2 |
||||
- no groups |
||||
- ldap-viewer-srv2 |
||||
@ -1,30 +0,0 @@ |
||||
# Fork of https://github.com/dinkel/docker-openldap |
||||
|
||||
FROM debian:jessie |
||||
|
||||
LABEL maintainer="Grafana team <hello@grafana.com>" |
||||
|
||||
ENV OPENLDAP_VERSION 2.4.40 |
||||
|
||||
RUN apt-get update && \ |
||||
DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \ |
||||
slapd=${OPENLDAP_VERSION}* \ |
||||
ldap-utils && \ |
||||
apt-get clean && \ |
||||
rm -rf /var/lib/apt/lists/* |
||||
|
||||
RUN mv /etc/ldap /etc/ldap.dist |
||||
|
||||
EXPOSE 389 |
||||
|
||||
VOLUME ["/etc/ldap", "/var/lib/ldap"] |
||||
|
||||
COPY admins-ldap-server/modules/ /etc/ldap.dist/modules |
||||
COPY admins-ldap-server/prepopulate/ /etc/ldap.dist/prepopulate |
||||
|
||||
COPY ./entrypoint.sh /entrypoint.sh |
||||
COPY ./prepopulate.sh /prepopulate.sh |
||||
|
||||
ENTRYPOINT ["/entrypoint.sh"] |
||||
|
||||
CMD ["slapd", "-d", "32768", "-u", "openldap", "-g", "openldap"] |
||||
@ -1,33 +0,0 @@ |
||||
dn: cn=module,cn=config |
||||
cn: module |
||||
objectClass: olcModuleList |
||||
objectClass: top |
||||
olcModulePath: /usr/lib/ldap |
||||
olcModuleLoad: memberof.la |
||||
|
||||
dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config |
||||
objectClass: olcConfig |
||||
objectClass: olcMemberOf |
||||
objectClass: olcOverlayConfig |
||||
objectClass: top |
||||
olcOverlay: memberof |
||||
olcMemberOfDangling: ignore |
||||
olcMemberOfRefInt: TRUE |
||||
olcMemberOfGroupOC: groupOfNames |
||||
olcMemberOfMemberAD: member |
||||
olcMemberOfMemberOfAD: memberOf |
||||
|
||||
dn: cn=module,cn=config |
||||
cn: module |
||||
objectClass: olcModuleList |
||||
objectClass: top |
||||
olcModulePath: /usr/lib/ldap |
||||
olcModuleLoad: refint.la |
||||
|
||||
dn: olcOverlay={1}refint,olcDatabase={1}hdb,cn=config |
||||
objectClass: olcConfig |
||||
objectClass: olcOverlayConfig |
||||
objectClass: olcRefintConfig |
||||
objectClass: top |
||||
olcOverlay: {1}refint |
||||
olcRefintAttribute: memberof member manager owner |
||||
@ -1,20 +0,0 @@ |
||||
# ldap-admin |
||||
dn: cn=ldap-admin,ou=users,dc=grafana,dc=org |
||||
mail: ldap-admin@grafana.com |
||||
userPassword: grafana |
||||
objectClass: person |
||||
objectClass: top |
||||
objectClass: inetOrgPerson |
||||
objectClass: organizationalPerson |
||||
sn: ldap-admin |
||||
cn: ldap-admin |
||||
|
||||
dn: cn=ldap-torkel,ou=users,dc=grafana,dc=org |
||||
mail: ldap-torkel@grafana.com |
||||
userPassword: grafana |
||||
objectClass: person |
||||
objectClass: top |
||||
objectClass: inetOrgPerson |
||||
objectClass: organizationalPerson |
||||
sn: ldap-torkel |
||||
cn: ldap-torkel |
||||
@ -1,6 +0,0 @@ |
||||
dn: cn=admins,ou=groups,dc=grafana,dc=org |
||||
cn: admins |
||||
objectClass: groupOfNames |
||||
objectClass: top |
||||
member: cn=ldap-admin,ou=users,dc=grafana,dc=org |
||||
member: cn=ldap-torkel,ou=users,dc=grafana,dc=org |
||||
@ -1,23 +1,31 @@ |
||||
admins-openldap: |
||||
build: |
||||
context: docker/blocks/auth/openldap-multiple |
||||
dockerfile: ./admins-ldap-server.Dockerfile |
||||
srv1-openldap: |
||||
container_name: srv1-ldap |
||||
image: osixia/openldap |
||||
environment: |
||||
SLAPD_PASSWORD: grafana |
||||
SLAPD_DOMAIN: grafana.org |
||||
SLAPD_ADDITIONAL_MODULES: memberof |
||||
LDAP_ORGANISATION: grafana |
||||
LDAP_DOMAIN: srv1-grafana.org |
||||
LDAP_ADMIN_PASSWORD: grafana |
||||
LDAP_SEED_INTERNAL_LDIF_PATH: /tmp/smt/ |
||||
ports: |
||||
- "389:389" |
||||
- 389:389 |
||||
- 636:636 |
||||
restart: unless-stopped |
||||
volumes: |
||||
- ./docker/blocks/auth/openldap-multiple/srv1_prepopulate/:/tmp/smt/ |
||||
|
||||
openldap: |
||||
build: |
||||
context: docker/blocks/auth/openldap-multiple |
||||
dockerfile: ./ldap-server.Dockerfile |
||||
srv2-openldap: |
||||
container_name: srv2-ldap |
||||
image: osixia/openldap |
||||
environment: |
||||
SLAPD_PASSWORD: grafana |
||||
SLAPD_DOMAIN: grafana.org |
||||
SLAPD_ADDITIONAL_MODULES: memberof |
||||
LDAP_ORGANISATION: grafana |
||||
LDAP_DOMAIN: srv2-grafana.org |
||||
LDAP_ADMIN_PASSWORD: grafana |
||||
LDAP_SEED_INTERNAL_LDIF_PATH: /tmp/smt/ |
||||
ports: |
||||
- "388:389" |
||||
- 1389:389 |
||||
- 1636:636 |
||||
restart: unless-stopped |
||||
volumes: |
||||
- ./docker/blocks/auth/openldap-multiple/srv2_prepopulate/:/tmp/smt/ |
||||
|
||||
|
||||
|
||||
@ -1,98 +0,0 @@ |
||||
#!/bin/bash |
||||
|
||||
# When not limiting the open file descriptors limit, the memory consumption of |
||||
# slapd is absurdly high. See https://github.com/docker/docker/issues/8231 |
||||
ulimit -n 8192 |
||||
|
||||
|
||||
set -e |
||||
|
||||
chown -R openldap:openldap /var/lib/ldap/ |
||||
|
||||
if [[ ! -d /etc/ldap/slapd.d ]]; then |
||||
|
||||
if [[ -z "$SLAPD_PASSWORD" ]]; then |
||||
echo -n >&2 "Error: Container not configured and SLAPD_PASSWORD not set. " |
||||
echo >&2 "Did you forget to add -e SLAPD_PASSWORD=... ?" |
||||
exit 1 |
||||
fi |
||||
|
||||
if [[ -z "$SLAPD_DOMAIN" ]]; then |
||||
echo -n >&2 "Error: Container not configured and SLAPD_DOMAIN not set. " |
||||
echo >&2 "Did you forget to add -e SLAPD_DOMAIN=... ?" |
||||
exit 1 |
||||
fi |
||||
|
||||
SLAPD_ORGANIZATION="${SLAPD_ORGANIZATION:-${SLAPD_DOMAIN}}" |
||||
|
||||
cp -a /etc/ldap.dist/* /etc/ldap |
||||
|
||||
cat <<-EOF | debconf-set-selections |
||||
slapd slapd/no_configuration boolean false |
||||
slapd slapd/password1 password $SLAPD_PASSWORD |
||||
slapd slapd/password2 password $SLAPD_PASSWORD |
||||
slapd shared/organization string $SLAPD_ORGANIZATION |
||||
slapd slapd/domain string $SLAPD_DOMAIN |
||||
slapd slapd/backend select HDB |
||||
slapd slapd/allow_ldap_v2 boolean false |
||||
slapd slapd/purge_database boolean false |
||||
slapd slapd/move_old_database boolean true |
||||
EOF |
||||
|
||||
dpkg-reconfigure -f noninteractive slapd >/dev/null 2>&1 |
||||
|
||||
dc_string="" |
||||
|
||||
IFS="."; declare -a dc_parts=($SLAPD_DOMAIN) |
||||
|
||||
for dc_part in "${dc_parts[@]}"; do |
||||
dc_string="$dc_string,dc=$dc_part" |
||||
done |
||||
|
||||
base_string="BASE ${dc_string:1}" |
||||
|
||||
sed -i "s/^#BASE.*/${base_string}/g" /etc/ldap/ldap.conf |
||||
|
||||
if [[ -n "$SLAPD_CONFIG_PASSWORD" ]]; then |
||||
password_hash=`slappasswd -s "${SLAPD_CONFIG_PASSWORD}"` |
||||
|
||||
sed_safe_password_hash=${password_hash//\//\\\/} |
||||
|
||||
slapcat -n0 -F /etc/ldap/slapd.d -l /tmp/config.ldif |
||||
sed -i "s/\(olcRootDN: cn=admin,cn=config\)/\1\nolcRootPW: ${sed_safe_password_hash}/g" /tmp/config.ldif |
||||
rm -rf /etc/ldap/slapd.d/* |
||||
slapadd -n0 -F /etc/ldap/slapd.d -l /tmp/config.ldif >/dev/null 2>&1 |
||||
fi |
||||
|
||||
if [[ -n "$SLAPD_ADDITIONAL_SCHEMAS" ]]; then |
||||
IFS=","; declare -a schemas=($SLAPD_ADDITIONAL_SCHEMAS); unset IFS |
||||
|
||||
for schema in "${schemas[@]}"; do |
||||
slapadd -n0 -F /etc/ldap/slapd.d -l "/etc/ldap/schema/${schema}.ldif" >/dev/null 2>&1 |
||||
done |
||||
fi |
||||
|
||||
if [[ -n "$SLAPD_ADDITIONAL_MODULES" ]]; then |
||||
IFS=","; declare -a modules=($SLAPD_ADDITIONAL_MODULES); unset IFS |
||||
|
||||
for module in "${modules[@]}"; do |
||||
echo "Adding module ${module}" |
||||
slapadd -n0 -F /etc/ldap/slapd.d -l "/etc/ldap/modules/${module}.ldif" >/dev/null 2>&1 |
||||
done |
||||
fi |
||||
|
||||
# This needs to run in background |
||||
# Will prepopulate entries after ldap daemon has started |
||||
./prepopulate.sh & |
||||
|
||||
chown -R openldap:openldap /etc/ldap/slapd.d/ /var/lib/ldap/ /var/run/slapd/ |
||||
else |
||||
slapd_configs_in_env=`env | grep 'SLAPD_'` |
||||
|
||||
if [ -n "${slapd_configs_in_env:+x}" ]; then |
||||
echo "Info: Container already configured, therefore ignoring SLAPD_xxx environment variables" |
||||
fi |
||||
fi |
||||
|
||||
exec "$@" |
||||
|
||||
@ -1,30 +0,0 @@ |
||||
# Fork of https://github.com/dinkel/docker-openldap |
||||
|
||||
FROM debian:jessie |
||||
|
||||
LABEL maintainer="Grafana team <hello@grafana.com>" |
||||
|
||||
ENV OPENLDAP_VERSION 2.4.40 |
||||
|
||||
RUN apt-get update && \ |
||||
DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \ |
||||
slapd=${OPENLDAP_VERSION}* \ |
||||
ldap-utils && \ |
||||
apt-get clean && \ |
||||
rm -rf /var/lib/apt/lists/* |
||||
|
||||
RUN mv /etc/ldap /etc/ldap.dist |
||||
|
||||
EXPOSE 389 |
||||
|
||||
VOLUME ["/etc/ldap", "/var/lib/ldap"] |
||||
|
||||
COPY ldap-server/modules/ /etc/ldap.dist/modules |
||||
COPY ldap-server/prepopulate/ /etc/ldap.dist/prepopulate |
||||
|
||||
COPY ./entrypoint.sh /entrypoint.sh |
||||
COPY ./prepopulate.sh /prepopulate.sh |
||||
|
||||
ENTRYPOINT ["/entrypoint.sh"] |
||||
|
||||
CMD ["slapd", "-d", "32768", "-u", "openldap", "-g", "openldap"] |
||||
@ -1,33 +0,0 @@ |
||||
dn: cn=module,cn=config |
||||
cn: module |
||||
objectClass: olcModuleList |
||||
objectClass: top |
||||
olcModulePath: /usr/lib/ldap |
||||
olcModuleLoad: memberof.la |
||||
|
||||
dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config |
||||
objectClass: olcConfig |
||||
objectClass: olcMemberOf |
||||
objectClass: olcOverlayConfig |
||||
objectClass: top |
||||
olcOverlay: memberof |
||||
olcMemberOfDangling: ignore |
||||
olcMemberOfRefInt: TRUE |
||||
olcMemberOfGroupOC: groupOfNames |
||||
olcMemberOfMemberAD: member |
||||
olcMemberOfMemberOfAD: memberOf |
||||
|
||||
dn: cn=module,cn=config |
||||
cn: module |
||||
objectClass: olcModuleList |
||||
objectClass: top |
||||
olcModulePath: /usr/lib/ldap |
||||
olcModuleLoad: refint.la |
||||
|
||||
dn: olcOverlay={1}refint,olcDatabase={1}hdb,cn=config |
||||
objectClass: olcConfig |
||||
objectClass: olcOverlayConfig |
||||
objectClass: olcRefintConfig |
||||
objectClass: top |
||||
olcOverlay: {1}refint |
||||
olcRefintAttribute: memberof member manager owner |
||||
@ -1,59 +0,0 @@ |
||||
dn: cn=ldap-editor,ou=users,dc=grafana,dc=org |
||||
mail: ldap-editor@grafana.com |
||||
userPassword: grafana |
||||
objectClass: person |
||||
objectClass: top |
||||
objectClass: inetOrgPerson |
||||
objectClass: organizationalPerson |
||||
sn: ldap-editor |
||||
cn: ldap-editor |
||||
|
||||
dn: cn=ldap-viewer,ou=users,dc=grafana,dc=org |
||||
mail: ldap-viewer@grafana.com |
||||
userPassword: grafana |
||||
objectClass: person |
||||
objectClass: top |
||||
objectClass: inetOrgPerson |
||||
objectClass: organizationalPerson |
||||
sn: ldap-viewer |
||||
cn: ldap-viewer |
||||
|
||||
dn: cn=ldap-carl,ou=users,dc=grafana,dc=org |
||||
mail: ldap-carl@grafana.com |
||||
userPassword: grafana |
||||
objectClass: person |
||||
objectClass: top |
||||
objectClass: inetOrgPerson |
||||
objectClass: organizationalPerson |
||||
sn: ldap-carl |
||||
cn: ldap-carl |
||||
|
||||
dn: cn=ldap-daniel,ou=users,dc=grafana,dc=org |
||||
mail: ldap-daniel@grafana.com |
||||
userPassword: grafana |
||||
objectClass: person |
||||
objectClass: top |
||||
objectClass: inetOrgPerson |
||||
objectClass: organizationalPerson |
||||
sn: ldap-daniel |
||||
cn: ldap-daniel |
||||
|
||||
dn: cn=ldap-leo,ou=users,dc=grafana,dc=org |
||||
mail: ldap-leo@grafana.com |
||||
userPassword: grafana |
||||
objectClass: person |
||||
objectClass: top |
||||
objectClass: inetOrgPerson |
||||
objectClass: organizationalPerson |
||||
sn: ldap-leo |
||||
cn: ldap-leo |
||||
|
||||
dn: cn=ldap-tobias,ou=users,dc=grafana,dc=org |
||||
mail: ldap-tobias@grafana.com |
||||
userPassword: grafana |
||||
objectClass: person |
||||
objectClass: top |
||||
objectClass: inetOrgPerson |
||||
objectClass: organizationalPerson |
||||
sn: ldap-tobias |
||||
cn: ldap-tobias |
||||
@ -1,23 +0,0 @@ |
||||
dn: cn=admins,ou=groups,dc=grafana,dc=org |
||||
cn: admins |
||||
objectClass: groupOfNames |
||||
objectClass: top |
||||
|
||||
dn: cn=editors,ou=groups,dc=grafana,dc=org |
||||
cn: editors |
||||
objectClass: groupOfNames |
||||
member: cn=ldap-editor,ou=users,dc=grafana,dc=org |
||||
|
||||
dn: cn=backend,ou=groups,dc=grafana,dc=org |
||||
cn: backend |
||||
objectClass: groupOfNames |
||||
member: cn=ldap-carl,ou=users,dc=grafana,dc=org |
||||
member: cn=ldap-leo,ou=users,dc=grafana,dc=org |
||||
member: cn=ldap-torkel,ou=users,dc=grafana,dc=org |
||||
|
||||
dn: cn=frontend,ou=groups,dc=grafana,dc=org |
||||
cn: frontend |
||||
objectClass: groupOfNames |
||||
member: cn=ldap-torkel,ou=users,dc=grafana,dc=org |
||||
member: cn=ldap-daniel,ou=users,dc=grafana,dc=org |
||||
member: cn=ldap-leo,ou=users,dc=grafana,dc=org |
||||
@ -1,38 +0,0 @@ |
||||
# Notes on Multiple OpenLdap Docker Block |
||||
|
||||
This is very similar to openldap docker block, but it creates multiple ldap servers instead of one. |
||||
|
||||
Any ldif files added to the prepopulate subdirectory will be automatically imported into the OpenLdap database. |
||||
|
||||
"admins-ldap-server" block contains admin group and admin users. The "ldap-server" block has all the rest of the users. See below for the full list of users. |
||||
|
||||
This blocks are here to help with testing multiple LDAP servers, for any other LDAP related development and testing "openldap" block should be used. |
||||
|
||||
## Enabling LDAP in Grafana |
||||
|
||||
Copy the ldap_dev.toml file in this folder into your `conf` folder (it is gitignored already). To enable it in the .ini file to get Grafana to use this block: |
||||
|
||||
```ini |
||||
[auth.ldap] |
||||
enabled = true |
||||
config_file = conf/ldap_dev.toml |
||||
; allow_sign_up = true |
||||
``` |
||||
|
||||
## Groups & Users |
||||
|
||||
admins |
||||
ldap-admin |
||||
ldap-torkel |
||||
backend |
||||
ldap-carl |
||||
ldap-torkel |
||||
ldap-leo |
||||
frontend |
||||
ldap-torkel |
||||
ldap-tobias |
||||
ldap-daniel |
||||
editors |
||||
ldap-editor |
||||
no groups |
||||
ldap-viewer |
||||
@ -1,14 +0,0 @@ |
||||
#!/bin/bash |
||||
|
||||
echo "Pre-populating ldap entries, first waiting for ldap to start" |
||||
|
||||
sleep 3 |
||||
|
||||
adminUserDn="cn=admin,dc=grafana,dc=org" |
||||
adminPassword="grafana" |
||||
|
||||
for file in `ls /etc/ldap/prepopulate/*.ldif`; do |
||||
ldapadd -x -D $adminUserDn -w $adminPassword -f "$file" |
||||
done |
||||
|
||||
|
||||
@ -1,9 +1,9 @@ |
||||
dn: ou=groups,dc=grafana,dc=org |
||||
dn: ou=groups,dc=srv1-grafana,dc=org |
||||
ou: Groups |
||||
objectclass: top |
||||
objectclass: organizationalUnit |
||||
|
||||
dn: ou=users,dc=grafana,dc=org |
||||
dn: ou=users,dc=srv1-grafana,dc=org |
||||
ou: Users |
||||
objectclass: top |
||||
objectclass: organizationalUnit |
||||
@ -0,0 +1,30 @@ |
||||
# ldap-admin-srv1 |
||||
dn: cn=ldap-admin-srv1,ou=users,dc=srv1-grafana,dc=org |
||||
mail: ldap-admin-srv1@grafana.com |
||||
userPassword: grafana |
||||
objectClass: person |
||||
objectClass: top |
||||
objectClass: inetOrgPerson |
||||
objectClass: organizationalPerson |
||||
sn: ldap-admin-srv1 |
||||
cn: ldap-admin-srv1 |
||||
|
||||
dn: cn=ldap-editor-srv1,ou=users,dc=srv1-grafana,dc=org |
||||
mail: ldap-editor-srv1@grafana.com |
||||
userPassword: grafana |
||||
objectClass: person |
||||
objectClass: top |
||||
objectClass: inetOrgPerson |
||||
objectClass: organizationalPerson |
||||
sn: ldap-editor-srv1 |
||||
cn: ldap-editor-srv1 |
||||
|
||||
dn: cn=ldap-viewer-srv1,ou=users,dc=srv1-grafana,dc=org |
||||
mail: ldap-viewer-srv1@grafana.com |
||||
userPassword: grafana |
||||
objectClass: person |
||||
objectClass: top |
||||
objectClass: inetOrgPerson |
||||
objectClass: organizationalPerson |
||||
sn: ldap-viewer-srv1 |
||||
cn: ldap-viewer-srv1 |
||||
@ -0,0 +1,10 @@ |
||||
dn: cn=admins,ou=groups,dc=srv1-grafana,dc=org |
||||
cn: admins |
||||
objectClass: groupOfUniqueNames |
||||
objectClass: top |
||||
uniqueMember: cn=ldap-admin-srv1,ou=users,dc=srv1-grafana,dc=org |
||||
|
||||
dn: cn=editors,ou=groups,dc=srv1-grafana,dc=org |
||||
cn: editors |
||||
objectClass: groupOfUniqueNames |
||||
uniqueMember: cn=ldap-editor-srv1,ou=users,dc=srv1-grafana,dc=org |
||||
@ -1,9 +1,9 @@ |
||||
dn: ou=groups,dc=grafana,dc=org |
||||
dn: ou=groups,dc=srv2-grafana,dc=org |
||||
ou: Groups |
||||
objectclass: top |
||||
objectclass: organizationalUnit |
||||
|
||||
dn: ou=users,dc=grafana,dc=org |
||||
dn: ou=users,dc=srv2-grafana,dc=org |
||||
ou: Users |
||||
objectclass: top |
||||
objectclass: organizationalUnit |
||||
@ -0,0 +1,30 @@ |
||||
# ldap-admin-srv2 |
||||
dn: cn=ldap-admin-srv2-srv2,ou=users,dc=srv2-grafana,dc=org |
||||
mail: ldap-admin-srv2@grafana.com |
||||
userPassword: grafana |
||||
objectClass: person |
||||
objectClass: top |
||||
objectClass: inetOrgPerson |
||||
objectClass: organizationalPerson |
||||
sn: ldap-admin-srv2 |
||||
cn: ldap-admin-srv2 |
||||
|
||||
dn: cn=ldap-editor-srv2,ou=users,dc=srv2-grafana,dc=org |
||||
mail: ldap-editor-srv2@grafana.com |
||||
userPassword: grafana |
||||
objectClass: person |
||||
objectClass: top |
||||
objectClass: inetOrgPerson |
||||
objectClass: organizationalPerson |
||||
sn: ldap-editor-srv2 |
||||
cn: ldap-editor-srv2 |
||||
|
||||
dn: cn=ldap-viewer-srv2,ou=users,dc=srv2-grafana,dc=org |
||||
mail: ldap-viewer-srv2@grafana.com |
||||
userPassword: grafana |
||||
objectClass: person |
||||
objectClass: top |
||||
objectClass: inetOrgPerson |
||||
objectClass: organizationalPerson |
||||
sn: ldap-viewer-srv2 |
||||
cn: ldap-viewer-srv2 |
||||
@ -0,0 +1,10 @@ |
||||
dn: cn=admins,ou=groups,dc=srv2-grafana,dc=org |
||||
cn: admins |
||||
objectClass: groupOfUniqueNames |
||||
objectClass: top |
||||
uniqueMember: cn=ldap-admin-srv2,ou=users,dc=srv2-grafana,dc=org |
||||
|
||||
dn: cn=editors,ou=groups,dc=srv2-grafana,dc=org |
||||
cn: editors |
||||
objectClass: groupOfUniqueNames |
||||
uniqueMember: cn=ldap-editor-srv2,ou=users,dc=srv2-grafana,dc=org |
||||
Loading…
Reference in new issue