OpenLDAP Installation on Ubuntu | Grafana OpenLDAP Authentication | Grafana OpenLDAP Integration

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hello everyone welcome to my channel this is bues after a long time I'm connecting it again so what are we going to do today so we this this is a lot of request that is coming up how to do a authentication using open open alap with grafana so today we are trying to do the same thing with the help of small you know demo we'll be doing open Plus graan installation on 2 machine and see how we can access E2 instance if you have not likeed And subscribe theel please do that because there are lot of FY videos industry use cases that are there in the same channel under Gana kubernetes and open Telemetry playlist and dat of playlist also okay so let's get back to the agenda quickly and let's see what we can do in the today's session so you know open L app is definitely uh used for managing all the users okay with creating different different groups so we creating an installing a open app today and then we'll be installing Gana onto ec2 instance uh and then we'll be doing the configuration and integration with the openal with Gana so that users can be created and prop appropriate rights can be given like admin admin editor and users and viewers basically in G and then we'll create three groups admins editors and viewers and then see how access are being you know segregated as for the different group so let's get get back to the uh the real deal for this so I have created a data page so you can see there's a read me page which contains all the installation steps and then finally we have a certain demo to show that how we can create user and authenticate user the help of open Gana now to do this I have created a small E2 instance micro E2 instance and uh there's a public IP and uh we need you need to make sure that you're opening certain ports if you see I have opened certain ports for important activities like we have uh 3,000 port for Gana 22 is for SSH and then 389 port for open alab so we need to make sure that 83,000 22 and 389 ports are open from any E2 instance or if it is local then that's okay local machine will also work fine so let's start with the installation directly so yeah uh first of all we'll install the open L uh binary on to R2 instance so we'll just simply run these commands so I've already you know uh open my E2 instance so that Things become easy for installations I'll do that installation quickly in this we are installing open L server so I not say okay so this is my DNS no you know DNS name that you want to set it up you can give give it any for now I'm just giving test at test.com organization name I'm giving uh test LP you can give some any other organization if you want and the administration password oh now I'm just giving admin only so admin is my user admin is my password a DM i n perfect it no I've just selected all default configurations and then this has been installed I'll just do a firewall allow for that alep so yeah it is already there now this is about open EP installation B is already installed now it it is really very difficult to add a user uh you know with the help of command so now we'll install open GUI so that we can you know perform all the operations pretty easily right now I'm just installing the GUI for this I'll open this file okay and then I'll come on to the there are certain things that we need to you know modify into this file this is the configuration file for this phpl D admin we can install this binary with the help of docker also I mean but in this tutorial we just taking all the binaries and similarly you can do everything on Docker everything on kubernetes okay so just to go control W we'll search that keyword uh set value you can see I came to here so whatever is your name just change the name of the alap server okay and then you can see below you need to give this uh uh the the domain name that you have provided okay and then and then follow the two three things onto your file so that uh it becomes easy for uh you know configuration so I'll you know exit that file now I'll open the browser and see whether I'm able to open uh this open L app uh separately also so we do HTTP we can uh install the secure version also for that you need to have a valid certificate so yeah that you can either take it from let encrypt or somewh else PC and then PHP okay so all right I need to log in okay I'll do a login now for logging This Server uh we need to give this login details you can give any other name admin was my uh user ID and admin was the password when I set it up let's authenticate this okay I'm authenticated there's nothing in the tree structure now we need to create certain um different different OU okay now what we have seen in particular in my in my past experience whenever you you know log into this you sometime you get some kind of you know weird messages this is especially in the case of over so you need to install this the hot fix and this those messages will go away perfect now you need to create organization unit called as group I'm first of all creating OU I'll click here I'll create a child entry I'll select the OU gener OU and then put group so create objects from it now you'll see my OU groups have been created I create groups uh different different three groups under this OU okay I'll do a child entry I'll do a POS six group and then I'll do admin I hope I'm yes admins perfect now you'll see under OU my admin group is created right now I'll create one user under this create child entry create a user account I'll give the name first name as last name as Sharma and I'll give the password as bage for the time being okay G number admins login shell bash once user is created you need to attach to the group okay first of all let me create a user perit now user is creat click on the group and select add new attributes so this is very important normally we see that my user is created but it is not attached to groups I'll click on the groups add a new attribute okay and then select member U ID and then give 1,000 update the group update object okay and then I modify the members and then I'll ask I'll add uh B Sharma to my admin now this will make sure my user uh B is now acting as a admin so you can come here now this is acting as admin now fine so this is the first group that I have created it now I'll create another group called as editors so I'll again click on the ous groups click child entry did a editor this time e d i t o RS editor okay I don't I W want to se M as editor commit my editor is there I'll create a child entry I'll create a user account let me give John is John last name is Sharma John is the password editors MH create object comit so I'll do the same thing I'll add new attribute add the member U ID I'll give you ID 101 update update object and then I'll add John as a editor perfect now I have one admin one editor Let Me me create viewers also create child entry create a POS group viewers p i e w RS viewers viewer group is created now I'll click here create a child entry create user I'll create Sam Sharma Sam Tam viers Dash update commit click on viewers add new attribute member U ID 1002 update update object then I'll add my final users Sam as a viewers perfect now my ldap thing is done okay I simply need to integrate this ldap with My Gana so so I'll move on to Second Step sorry third step install Grau so this is a very simple step I'm not going to do it again because I already have my grafana up and rning you can either follow these documentation or you can follow any of my earlier videos in the same grafana playlist I've done it for a number of ways okay so I'll skip this part how to install graan onu box fairly easy so consider you know gra is already running I'll just come here and check whether the gra is already running or not let me quickly check it from the yeah Status server yes kpana is running 17 minutes ago now the important part uh configure open L configuration and integration so we need to first of all go to this location CD grafana where we have all the binaries okay I'll do a S so okay so these are the file so you first of all we need to enable this grafana ini file so that it can use this L.L file okay so I'll just do Vim of grafana ini okay now you see I will find this configuration and we need to make sure that all H app is enabl to okay one second Bim okay I need to search this piece or hel app go to that location yes so all elap is true and all these three lines are uncommented allow sign up should be true Etc grafana to BU up 2ml so this is the file which is responsible for passing the configuration bu up configuration to grafana so configuration is enabled now I'll just come out of this file and I'll just see this ldap 2ml file now either you can modify this file or you can copy the file which I have it in my you know this repository so let me quickly explain this since my open L app is installed onto the same E2 inst that is the reason I've kept is a local host otherwise you need to give the public IP of that server where you have elap you know installed Port is 39 because because it's unsecure if it is a secure one then you need to pass 636 and if it is a secure one you have the certificate then you can use this ssls Pro and then you can pass the certificate key and CC right this is how you can simply make your open L from unsecure to secure perfect now you move further uh this is your uh bind uh uh ID for admin so you can see this is the one which we using for and this is a password the same is being you can see here uh you need to change this host name here password and then search filter now you slowly you come down this is the important piece to understand not everyone able to debug these things search filter should be uid equals to uh percentage s and this you can easily verify by by clicking any of your editor and then if you see internal attributes you can see things like this okay all the internal variables CN given name what is this CN okay all these things now if it is you need to give a proper DNS so you can uh repace this with your R DNS thir filter is something because we have created POS group okay P DNS you need to give because we have created OU group so in your case if you creating a different OU different organization unit you need to give that name and then the same DC lb and dc.com right search filter is U ID and then this is the filtration that will happen given name surname username now the important thing to understand is the below you section let me explain you from the machine so what we are seeing uh the lb will do the filtration with this TN admins oou groups TC test lb.com so if I show you the same thing okay CN admins can you see this line CN admins OU groups test L app same thing so whatever users under this group will fall into the category of will fall into the category of admin group in Gana so this is the organization of Gana this is the group DN for open lb similarly for editors in open lb it will fall to the editor role of Gana and the remaining whatever is not there in admin and editor will fall to the viewer so this is the file that you need to really understand I'll just come out of this file you can simply copy paste this file from my repository and then paste it over there okay let me restart uh the grafana so that it should pick up the latest file top server start let me see the status perfect so it is running let me open uh the grafana url grafana url should be the public URL colon 3,000 because we have already opened that Port perfect now I'll do admin I'm not logging with the elap user for I'm just want to to show you that from where you can check all these things Administration and then you come to authentication see elep is enabled now you see this is the open L that I have configured let just uh my first user okay it is coming out to be admin see perfect so B Sharma is my first user and other one was John J Sharma J Sharma coming out to be editor perfect and then my f Sharma s Sharma is coming as a viewer perfect there's no match so no match will go to that location this is really interesting let me sign out and then log in with the B Sharma ID password of SC if you remember that right now I'm just trying to log in with the L see now I'm logged in with the ldap ID uh the ldap authentication if I click on profile this is admin so the beautyy the beauty of admin user is I can see each and every panel and the moment I you know logged in with editor you will be see only minimal you know icons like you will not be able to Administration tab I'll show you the editor user also so suppose in an organization in a team someone wants to be an admin role and someone needs to be editor role and you know all the management users wants to have a viewer role in this fashion you can you know coordinate all your user management okay with the help of L authentication fine so I'll just open a new incognito window so that there's no confusion okay I'll just do a 3,000 now I'll try to login with the you know editor okay editor was John I guess J Sharma and John is my password let's see okay I'm able to log in and John Sharma is it Ed is he editor yes he's an editor okay let me see what all he can see see he cannot see the administration tab he can see dashboard okay he can see explore window correct now I I'll uh there's nothing other things have been installed so I'm not there nothing is coming now what I'll do I just sign out this and then I'll just log in another Incognito to see the viewer which was the third person right uh Sam Sam was a viewer I'll just do this okay yes Sharma okay s perfect now you can see this is a viewer and viewer cannot see anything see not even Explore not even nothing the viewer has a very very bare minimum you know right okay so you can see viewer can also just see the alerting or you can configure all those things also right so this is pretty much about how we can you know uh this is all about user management how we can install Gana how we can on open lb the GUI part and then uh create users in open lb something like this and then communicate to grafana so that the management is happening from open L and you can see uh everything with the help of uh you know the way we saw right you can simply come here and then with the help of admin you can see whether your open L has been properly configured or not right so so so you can come here authentication you can see here you can see if it is activated then it will come as a double you know tick so that was a quick summary let me do a quick review what we did we installed open alab we installed open L GUI URL and then we did not inst because it was already installed we need to explain this and then we did a configuration in integration of GRA with the open we created three users one was admin one was editor and another was user for review and then we logged in with all three users you know one by one separately on graphon and we were able to see all the only the relevant panels we did not see everything so let us wrap up this video you know till here and if you have any doubt and clarification especially on this topic because this is something very off the track topic not everyone is aware about how to do the user authentication with the Gana using open Alf so you can check out my other video on the authentication using awf Cognito in the same playlist but I will you know leave it to the leave it to the you uh for checking all those things before you go do not forget to like And subscribe the channel from here so that you can get a lot of videos pertaining to all these important important you know devop related terminologies bye P good good day

Info

Channel: Bhoopesh Sharma

Views: 237

Rating: undefined out of 5

Keywords: Openldap, admins, editors, grafana, grafana authentication, grafana tutorial, ldap, ldap and active directory, ldap apache, ldap apache active directory, ldap apache setup, ldap authentication, ldap basic, ldap beginners, ldap connection, ldap connection https, ldap create apache server, ldap create connection, ldap create server, ldap server, ldap server tutorial, ldap setup, ldap start server, ldap tutorial, open ldap, openldap tutorial, users, what is ldap?

Id: z8IYATGjTcc

Channel Id: undefined

Length: 22min 17sec (1337 seconds)

Published: Sat Feb 10 2024