From 4262c476e5d1596d3bfe8e94d14f2dbce380964f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miguel=20=C3=81ngel=20Cabrera=20Mi=C3=B1agorri?=
Date: Thu, 26 Sep 2019 09:39:00 +0200
Subject: [PATCH] Add LDAP documentation to README.md
---
 bitnami/grafana/README.md | 64 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 64 insertions(+)
diff --git a/bitnami/grafana/README.md b/bitnami/grafana/README.md
index 935b189fe0..cf3b0036f8 100644
--- a/bitnami/grafana/README.md
+++ b/bitnami/grafana/README.md
@@ -174,6 +174,70 @@ $ helm install --name my-release -f ./values-production.yaml bitnami/grafana
 + ingress.enabled: true
 ```
+### LDAP configuration
+To enable LDAP authentication it is needed to provide a ConfigMap with the Grafana LDAP configuration file. For instance:
+
+**configmap.yaml**:
+```
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: ldap-config
+data:
+ ldap.toml: |-
+ [[servers]]
+ # Ldap server host (specify multiple hosts space separated)
+ host = "ldap"
+ # Default port is 389 or 636 if use_ssl = true
+ port = 389
+ # Set to true if ldap server supports TLS
+ use_ssl = false
+ # Set to true if connect ldap server with STARTTLS pattern (create connection in insecure, then upgrade to secure connection with TLS)
+ start_tls = false
+ # set to true if you want to skip ssl cert validation
+ ssl_skip_verify = false
+ # set to the path to your root CA certificate or leave unset to use system defaults
+ # root_ca_cert = "/path/to/certificate.crt"
+ # Authentication against LDAP servers requiring client certificates
+ # client_cert = "/path/to/client.crt"
+ # client_key = "/path/to/client.key"
+
+ # Search user bind dn
+ bind_dn = "cn=admin,dc=example,dc=org"
+ # Search user bind password
+ # If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
+ bind_password = 'admin'
+
+ # User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
+ # Allow login from email or username, example "(|(sAMAccountName=%s)(userPrincipalName=%s))"
+ search_filter = "(uid=%s)"
+
+ # An array of base dns to search through
+ search_base_dns = ["ou=People,dc=support,dc=example,dc=org"]
+
+ # group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
+ # group_search_filter_user_attribute = "distinguishedName"
+ # group_search_base_dns = ["ou=groups,dc=grafana,dc=org"]
+
+ # Specify names of the ldap attributes your ldap uses
+ [servers.attributes]
+ name = "givenName"
+ surname = "sn"
+ username = "cn"
+ member_of = "memberOf"
+ email = "email"
+```
+
+Create the ConfigMap into the cluster:
+```bash
+$ kubectl create -f configmap.yaml
+```
+
+And deploy the Grafana Helm Chart using the existing ConfigMap:
+```bash
+$ helm install bitnami/grafana --set ldap.enabled=true,ldap.configMapName=ldap-config,ldap.allowSignUp=true
+```
+
 ### Supporting HA (High Availability)
 To support HA Grafana just need an external database where store dashboards, users and other persistent data.