Initial version
This is a Go program which can synchronize Graylog 4 roles and access privileges to dashboards and streams from an LDAP directory, based on a YAML configuration file that maps LDAP groups to Graylog privileges. The code is rather ugly, some features are half-baked (LDAP TLS support, impossible to disable HTTP TLS checks, bad error handling...) and some documentation needs to be added but it's a start.
commit
91be691ea4
4 changed files with 467 additions and 0 deletions
35
graylog-groups.yml.example
Normal file
|
@ -0,0 +1,35 @@
|
|||
ldap:
|
||||
host: ldap.example.org
|
||||
port: 636
|
||||
tls: yes # or no / starttls
|
||||
cachain: /path/to/ca/chain.pem
|
||||
#bind_user:
|
||||
#bind_password:
|
||||
member_fields:
|
||||
- member
|
||||
- uniqueMember
|
||||
- memberUid
|
||||
graylog:
|
||||
api_base: https://graylog.example.org/api
|
||||
username: admin
|
||||
password: drowssap
|
||||
delete_accounts: false
|
||||
mapping:
|
||||
cn=g1,ou=groups,dc=example,dc=org:
|
||||
roles:
|
||||
- Reader
|
||||
privileges:
|
||||
- type: dashboard
|
||||
id: 12345
|
||||
level: read
|
||||
- type: stream
|
||||
id: 12345
|
||||
level: read
|
||||
cn=g2,ou=groups,dc=example,dc=org:
|
||||
roles:
|
||||
- Event Definition Creator
|
||||
- Event Notification Creator
|
||||
privileges:
|
||||
- type: dashboard
|
||||
id: 12345
|
||||
level: write
|
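Review bot: `username: admin` and `password: drowssap` under `graylog:` (and the commented-out `bind_password` under `ldap:`) put credentials in clear text in a file operators will copy as-is; add a comment at those keys telling them to restrict the file's permissions and to use a dedicated API account with only the rights the sync needs rather than `admin`. Separately, `tls: yes # or no / starttls` mixes YAML boolean-like tokens with a string value, so string-only values would be less ambiguous, and the comment should say which modes `cachain` applies to. `delete_accounts: false` also deserves a one-line comment stating which accounts are removed when it is set to true.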