added example grafana.ini and ldap.toml for exemplary ldap setup

Author: Jens Plüddemann

docker-compose.yml

@@ -1,9 +1,14 @@
 services:
   grafana:
-    image: grafana/grafana:11.2.2
+    image: grafana/grafana:11.5.2
     restart: unless-stopped
     volumes:
       - grafana-storage:/var/lib/grafana
+      - ./grafana.ini:/etc/grafana/grafana.ini:ro
+      - ./ldap.toml:/etc/grafana/ldap.toml:ro
+    environment:
+      - GF_SECURITY_ADMIN_USER=admin
+      - GF_SECURITY_ADMIN_PASSWORD=admin
     healthcheck:
       test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3000/api/health"]
       interval: 1m

grafana.ini

@@ -0,0 +1,11 @@
+; enable ldap auth
+[auth.ldap]
+enabled = true
+; set to true to allow users to sign up
+; with the ldap sync script users are created and don't need to sign up
+; without the ldap sync script users need to sign up with their first login and so this would need to be set to true
+allow_sign_up = false
+
+; enable debug logging for ldap
+[log]
+filters = ldap:debug

ldap.toml

@@ -0,0 +1,40 @@
+[[servers]]
+host = "ldap.forumsys.com"
+port = 389
+use_ssl = false
+start_tls = false
+ssl_skip_verify = false
+
+# Search user bind dn
+bind_dn = "cn=read-only-admin,dc=example,dc=com"
+bind_password = "password"
+
+# Search filter to find users
+search_filter = "(|(uid=%s)(mail=%s))"
+
+# The search base for users
+search_base_dns = ["dc=example,dc=com"]
+
+# Group search configuration
+group_search_filter = "(&(objectClass=groupOfUniqueNames)(uniqueMember=%s))"
+group_search_filter_user_attribute = "dn"
+group_search_base_dns = ["dc=example,dc=com"]
+
+# Attribute mapping
+[servers.attributes]
+name = "cn"
+surname = "sn"
+username = "uid"
+email = "mail"
+
+# Scientists group -> Admin role in Org 1 and grafana admin
+[[servers.group_mappings]]
+group_dn = "ou=scientists,dc=example,dc=com"
+org_role = "Admin"
+grafana_admin = true
+
+# Everyone else -> Viewer
+[[servers.group_mappings]]
+group_dn = "*"
+org_role = "Viewer"
+grafana_admin = false