A script to get Grafana users, teams and their permissions from an LDAP server and keep it in sync.
Install all dependencies
pip install -r requirements.txtThe script can be simply run with:
python run.pyIf you just want to test the script, there is an example.csv predefined. Just enter your grafana credentials in the config.yml. The used LDAP-Server can be found here.
Before starting the script you need to enter your grafana & ldap credentials in the config.yml. You also need to add the path to your .csv file containing the bindings.
To bind LDAP-groups to grafana-teams and grant these teams access to folders you need to provide a .csv file. Please note that the first row of the csv is recognized as a header-row and is therefore being ignored. The file needs to contain the following information in this exact order:
LDAP-Group, Grafana-Team Name, Grafana-Team ID, Grafana-Folder ID, Grafana-Folder UUID, Grafana-Folder Permission Missing folders, teams and users will be created by the script.
Possible Grafana-Folder permissions are:
- View
- Edit
- Admin
When a binding is removed in your .csv-file, this binding is also removed by the script. So if there is a team in your grafana instance which is not defined by the current binding the team will be deleted. This also applies to users. This does not apply to folders! Folders need to be deleted manually if not needed anymore!