在2.5dashhboard启动监控grafana对接ldap

作者	王哲
团队	Filed&&Suppoort
编写时间	2021/5/19
类型	监控功能使用问题

开启grafana ldap认证

1、进入集群-应用商店-rancher-monitoring-编辑升级

2、添加配置参数开启ldap

以yaml文件编辑在grafana.grafana.ini层级下添加

    auth.ldap:
      allow_sign_up: true
      config_file: /etc/grafana/ldap.toml

3、配置对接ldap认证

继续编辑yaml,在grafana层级下添加以下内容：

  ldap:
    config: |
      [[servers]] 
      host = "172.16.51.62" 
      port = 389 
      use_ssl = false 
      start_tls = false 
      ssl_skip_verify = true 
      bind_dn = "cn=admin,dc=rancherldap,dc=com"
      bind_password = 'Rancher123' 
      search_filter = "(cn=%s)" 
      search_base_dns = ["ou=rancher,dc=rancherldap,dc=com"] 
      [servers.attributes] 
      name = "givenName" 
      surname = "sn" 
      username = "cn" 
      member_of = "memberOf" 
      email = "email"
    enabled: true

ldap.toml配置文件实例：

请根据实际情况进行修改，配置文件参数解释请点击链接官方文档

[[servers]]
# Ldap server host (specify multiple hosts space separated)
host = "127.0.0.1"
# Default port is 389 or 636 if use_ssl = true
port = 389
# Set to true if LDAP server should use an encrypted TLS connection (either with STARTTLS or LDAPS)
use_ssl = false
# If set to true, use LDAP with STARTTLS instead of LDAPS
start_tls = false
# set to true if you want to skip SSL cert validation
ssl_skip_verify = false
# set to the path to your root CA certificate or leave unset to use system defaults
# root_ca_cert = "/path/to/certificate.crt"
# Authentication against LDAP servers requiring client certificates
# client_cert = "/path/to/client.crt"
# client_key = "/path/to/client.key"

# Search user bind dn
bind_dn = "cn=admin,dc=grafana,dc=org"
# Search user bind password
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
bind_password = 'grafana'

# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
# Allow login from email or username, example "(|(sAMAccountName=%s)(userPrincipalName=%s))"
search_filter = "(cn=%s)"

# An array of base dns to search through
search_base_dns = ["dc=grafana,dc=org"]

# group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
# group_search_filter_user_attribute = "distinguishedName"
# group_search_base_dns = ["ou=groups,dc=grafana,dc=org"]

# Specify names of the LDAP attributes your LDAP uses
[servers.attributes]
member_of = "memberOf"
email =  "email"

4、配置成功后点击升级

5、等待升级成功后重新登陆grafana

使用admin用户登录默认密码为prom-operator

在server admin这里可以看到ldap已经开启，选择一个用户进行搜索测试

#在2.5dashhboard启动监控grafana对接ldap

#开启grafana ldap认证

#1、进入集群-应用商店-rancher-monitoring-编辑升级

#2、添加配置参数开启ldap

#3、配置对接ldap认证

#4、配置成功后点击升级

#5、等待升级成功后重新登陆grafana

#6、配置用户角色

在2.5dashhboard启动监控grafana对接ldap

开启grafana ldap认证

1、进入集群-应用商店-rancher-monitoring-编辑升级

2、添加配置参数开启ldap

3、配置对接ldap认证

4、配置成功后点击升级

5、等待升级成功后重新登陆grafana

6、配置用户角色