A script to get Grafana users, teams and their permissions from an LDAP server and keep it in sync.
Install all dependencies
pip install -r requirements.txtThe script can be simply run with:
python run.pyBefore starting the script you need to enter your grafana & ldap credentials in the config.yml file and add the path to the .csv file containing the bindings to the config.yml.
To bind LDAP-Groups to Grafana-Teams and grant these teams access to folders you need to provide a csv-file. Please note that the first row of the csv is recognized as a header-row and is therefore being ignored. The file needs to contain the following information in this exact order:
LDAP-Group, Grafana-Team Name, Grafana-Team ID, Grafana-Folder ID, Grafana-Folder UUID, Grafana-Folder Permission
Possible permissions are:
- View
- Edit
- Admin
When a binding is removed in your .csv-file, this binding is also removed by the script. So if there is a team in your grafana instance which is not defined by the current binding the team will be deleted. This also applies to users. This does not apply to folders! Folders need to be deleted manually if not needed anymore!