
Configuration Example

# Enable LDAP authentication, default is false
Enable = true
# Hostname or IP address of the LDAP server, client will connect to this server for authentication
Host = '10.99.0.170'
# Port number of the LDAP server, default port is 389
Port = 389
# Starting point in the LDAP directory tree, all search operations will be performed under this base DN
BaseDn = 'dc=n9e,dc=com'
# User DN used to bind to the LDAP server
BindUser = 'cn=binduser,dc=n9e,dc=com'
# Password for the user binding to the LDAP server
BindPass = '1234'
# LDAP search filter for finding users, %s will be replaced with the actual username
AuthFilter = "(&(sAMAccountName=%s))"
# Whether to override user attributes; true means existing user attributes are overwritten when user information is synchronized from LDAP
CoverAttributes = true
# Whether to override team settings
CoverTeams = false
# Whether to enable TLS connection
TLS = false
# Whether to enable StartTLS
StartTLS = false
# Default roles for users in the system
DefaultRoles = ['Guest']
# Default teams for users in the system
DefaultTeams = [21]

# User attribute mapping
[Attributes]
# Maps to displayName in LDAP
Nickname = 'displayName'
# Maps to mobile in LDAP
Phone = 'mobile'
# Email maps to mail in LDAP
Email = 'mail'

Detailed Explanation of Basic Configuration

Enable = true turns LDAP authentication on;

Host = '10.99.0.170' is the hostname or IP address of the LDAP server;

Port = 389 is the LDAP service port; the default is 389;

BaseDn = 'dc=n9e,dc=com' is the starting point of the LDAP service directory tree (as shown in the figure below);

[Figure: ldap01]

BindUser = 'cn=binduser,dc=n9e,dc=com' is the user DN used to bind to the LDAP server. This user needs sufficient permissions to search for users and verify credentials, and must be created in LDAP and granted those permissions first;

BindPass = '1234' is the password for the user binding to the LDAP server;

Below is a simple example of creating the bind user and its ACL in LDAP:

1. Create the bind user file binduser.ldif
root@9a90f3b798ee:/# cat binduser.ldif 
# Entry for bind user
# Note: Replace cn/dc related information
dn: cn=binduser,dc=n9e,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
cn: binduser
sn: Bind
uid: binduser
userPassword: 1234
uidNumber: 10000
gidNumber: 10000
homeDirectory: /home/binduser

2. Create the bind user ACL file binduser-acl.ldif
root@9a90f3b798ee:/# cat binduser-acl.ldif 
# Add ACL for bind user
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcAccess
# Note: Replace dc/cn and other related information
olcAccess: to dn.subtree="dc=n9e,dc=com"
  by dn.exact="cn=binduser,dc=n9e,dc=com" read
  by * none

3. Create the bind user. Replace the dc/cn values with your own and put the admin password after the -w parameter
ldapadd -x -D "cn=admin,dc=n9e,dc=com" -w 1234 -f binduser.ldif

4. Add the bind user ACL. Replace the dc/cn values with your own and put the admin password after the -w parameter
ldapmodify -x -D "cn=admin,dc=n9e,dc=com" -w 1234 -f binduser-acl.ldif


TLS = false accepts true or false; set it according to the LDAP server's configuration.

StartTLS = false accepts true or false; set it according to the LDAP server's configuration.

DefaultRoles = ['Guest'] sets the role that LDAP accounts receive after logging in to Nightingale; the options are Admin/Standard/Guest;

DefaultTeams = [21] sets the ID of the business group that LDAP accounts belong to after logging in to Nightingale (as shown in the figure below);

[Figure: ldap03]

Other settings can be left at their defaults unless you have special needs. After modifying and saving the configuration, you can test logging in with an LDAP account.
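
The AuthFilter setting in the configuration example replaces %s with the login name. As an added example (not Nightingale's own code), the Go program below fills that placeholder after escaping the characters that RFC 4515 treats as special in a filter value, so a login name containing *, ( or ) is matched literally. BuildAuthFilter, escapeFilterValue and the sample login names are hypothetical and constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// escapeFilterValue applies RFC 4515 escaping to an assertion value:
// each special byte becomes a backslash followed by its two-digit hex code.
func escapeFilterValue(v string) string {
	var b strings.Builder
	for i := 0; i < len(v); i++ {
		switch c := v[i]; c {
		case '\\', '*', '(', ')', 0:
			fmt.Fprintf(&b, "\\%02x", c)
		default:
			b.WriteByte(c) // other bytes, including UTF-8, pass through
		}
	}
	return b.String()
}

// BuildAuthFilter (hypothetical helper) fills every %s placeholder of an
// AuthFilter template with the escaped login name.
func BuildAuthFilter(template, username string) (string, error) {
	if !strings.Contains(template, "%s") {
		return "", errors.New("AuthFilter has no username placeholder")
	}
	if username == "" {
		return "", errors.New("empty username")
	}
	return strings.ReplaceAll(template, "%s", escapeFilterValue(username)), nil
}

func main() {
	const authFilter = "(&(sAMAccountName=%s))" // value from the configuration example
	// Constructed sample login names.
	for _, u := range []string{"alice", "j*doe", "smith (ops)"} {
		f, err := BuildAuthFilter(authFilter, u)
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("%-14q -> %s\n", u, f)
	}
}
```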

