r/grafana: Allow configuring LDAP CA cert

The `grafana_ldap_root_ca_cert` can be used to set the path to the root CA certificate (bundle) Grafana uses to validate the certificate presented by the configured LDAP server. By default, Grafana uses the system root CA trust store, but this variable can be used in situations where this is not suitable.
2022-08-10 21:24:29 -05:00
parent b3403268a8
commit 7c654031f0
1 changed files with 4 additions and 0 deletions
--- a/roles/grafana/templates/ldap.toml.j2
+++ b/roles/grafana/templates/ldap.toml.j2
@@ -14,7 +14,11 @@ start_tls = {{ grafana_ldap_start_tls|bool|string|lower }}
 # set to true if you want to skip ssl cert validation
 ssl_skip_verify = false
 # set to the path to your root CA certificate or leave unset to use system defaults
+{% if grafana_ldap_root_ca_cert|d %}
+root_ca_cert = "{{ grafana_ldap_root_ca_cert }}"
+{% else %}
 # root_ca_cert = "/path/to/certificate.crt"
+{% endif %}
 # Authentication against LDAP servers requiring client certificates
 # client_cert = "/path/to/client.crt"
 # client_key = "/path/to/client.key"