2021-02-07 18:42:17 +01:00
|
|
|
# graylog-groups configuration example / documentation
|
|
|
|
# =====================================================
|
|
|
|
|
|
|
|
# LDAP server configuration
|
|
|
|
# --------------------------
|
2021-02-07 15:05:35 +01:00
|
|
|
ldap:
|
2021-02-07 18:42:17 +01:00
|
|
|
|
|
|
|
# The LDAP server's host name or IP address. REQUIRED.
|
2021-02-07 15:05:35 +01:00
|
|
|
host: ldap.example.org
|
2021-02-07 18:42:17 +01:00
|
|
|
|
|
|
|
# Port number - usually 389 for clear/starttls or 636 for TLS. Defaults to
|
|
|
|
# 389.
|
2021-02-07 15:05:35 +01:00
|
|
|
port: 636
|
2021-02-07 18:42:17 +01:00
|
|
|
|
|
|
|
# TLS mode. This must be either "yes" for the non-standard, pure TLS mode,
|
|
|
|
# "starttls" for TLS over a clear connection, or "no" to use a clear
|
|
|
|
# connection. Defaults to "no".
|
|
|
|
tls: yes
|
|
|
|
|
2021-02-08 23:23:16 +01:00
|
|
|
# Skip server certificate check. Defaults to false.
|
|
|
|
tls_skip_verify: false
|
|
|
|
|
2021-02-07 18:42:17 +01:00
|
|
|
# CA certificate chain. Can be omitted if the systems' trusted CAs must be
|
|
|
|
# used, or if no TLS is being used.
|
2021-02-07 15:05:35 +01:00
|
|
|
cachain: /path/to/ca/chain.pem
|
2021-02-07 18:42:17 +01:00
|
|
|
|
|
|
|
# LDAP user (as a DN) and password to bind with. Both fields may be omitted
|
|
|
|
# if anonymous binding is to be used.
|
|
|
|
bind_user: cn=graylog,ou=automation,dc=example,dc=org
|
|
|
|
bind_password: drowssap
|
|
|
|
|
|
|
|
# LDAP attributes which may contain either the UIDs or the DNs of the groups'
|
|
|
|
# members. If the fields contain the DN, the first element will be extracted
|
|
|
|
# and used as the username. REQUIRED.
|
2021-02-07 15:05:35 +01:00
|
|
|
member_fields:
|
|
|
|
- member
|
|
|
|
- uniqueMember
|
|
|
|
- memberUid
|
2021-02-07 18:42:17 +01:00
|
|
|
|
|
|
|
# Graylog server info
|
|
|
|
# --------------------
|
2021-02-07 15:05:35 +01:00
|
|
|
graylog:
|
2021-02-07 18:42:17 +01:00
|
|
|
|
|
|
|
# API base URL. REQUIRED.
|
2021-02-07 15:05:35 +01:00
|
|
|
api_base: https://graylog.example.org/api
|
2021-02-07 18:42:17 +01:00
|
|
|
|
|
|
|
# Username and password to use to authenticate to the API. REQUIRED
|
2021-02-07 15:05:35 +01:00
|
|
|
username: admin
|
|
|
|
password: drowssap
|
2021-02-07 18:42:17 +01:00
|
|
|
|
|
|
|
# Should accounts be deleted when they no longer have any privileges? Warning,
|
|
|
|
# this option is rather dangerous. Can be omitted, defaults to false.
|
2021-02-07 15:05:35 +01:00
|
|
|
delete_accounts: false
|
2021-02-07 18:42:17 +01:00
|
|
|
|
|
|
|
# Group -> privileges mappings
|
|
|
|
# -----------------------------
|
2021-02-07 15:05:35 +01:00
|
|
|
mapping:
|
2021-02-07 18:42:17 +01:00
|
|
|
|
|
|
|
# Each entry in this table must use a LDAP group name as its key.
|
2021-02-07 15:05:35 +01:00
|
|
|
cn=g1,ou=groups,dc=example,dc=org:
|
2021-02-07 18:42:17 +01:00
|
|
|
|
|
|
|
# List of Graylog roles that users in this group should have. The names
|
|
|
|
# must match the ones in the Graylog administration section.
|
2021-02-07 15:05:35 +01:00
|
|
|
roles:
|
|
|
|
- Reader
|
2021-02-07 18:42:17 +01:00
|
|
|
|
|
|
|
# Privileges on various Graylog objects. This is a list of records.
|
2021-02-07 15:05:35 +01:00
|
|
|
privileges:
|
2021-02-07 18:42:17 +01:00
|
|
|
|
|
|
|
# Each privilege record includes a type of object (either "dashboard" or
|
|
|
|
# "stream"), an identifier (which is generated by Graylog, and must be
|
|
|
|
# extracted from the pages' URLs or from the API) and a level, which may
|
|
|
|
# be either "read" or "write", the latter implying the former. Should an
|
|
|
|
# user be a member of groups that grant both privilege levels, the highest
|
|
|
|
# level will be kept.
|
2021-02-07 15:05:35 +01:00
|
|
|
- type: dashboard
|
|
|
|
id: 12345
|
|
|
|
level: read
|
2021-02-07 18:42:17 +01:00
|
|
|
|
2021-02-07 15:05:35 +01:00
|
|
|
- type: stream
|
|
|
|
id: 12345
|
|
|
|
level: read
|
2021-02-07 18:42:17 +01:00
|
|
|
|
2021-02-07 15:05:35 +01:00
|
|
|
cn=g2,ou=groups,dc=example,dc=org:
|
|
|
|
roles:
|
|
|
|
- Event Definition Creator
|
|
|
|
- Event Notification Creator
|
|
|
|
privileges:
|
|
|
|
- type: dashboard
|
|
|
|
id: 12345
|
|
|
|
level: write
|