Hi
We use ldap/ad as our primary authentication source. Some users belong to multiple organizations. However the membership to these organizatons are lost upon logoff and logon, what can we do about this?
Kind regards
Theo
What do you mean by lost? There is no option to switch org (see below) in the user menu? And it is gone from the database and from the org_user table?
Daniel,
Yes, the option to switch org is gone. It is also gone from the database. We tested that it was not yet gone upon logoff. Only when you login again.
Theo
Are you mixing ldap/ad sync with some manual administration in Grafana or is it just ldap sync?
We have Active Directory (auth.ldap) and anonymous (auth.anonymous) enabled. Only the original admin user is still available but hardly used.
-
What does you mapping look like (can you paste it here with sensitive parts removed)?
-
Are you mapping one ldap org to many Grafana orgs or one ldap org to one grafana org?
Here is an example of mapping multiple orgs:
https://localhost:3000/t/many-to-many-group-dn-org-role-mapping-in-ldap-config/729
[[servers.group_mappings]]
group_dn = "CN=Design,OU=Admin,OU=Role,OU=Groups,DC=snakeoil,DC=nl"
org_role = “Admin”
[[servers.group_mappings]]
group_dn = "CN=Engineer,OU=Admin,OU=Role,OU=Groups,DC=snakeoil,DC=nl"
org_role = “Admin”
Did you try with the org_id mapping like in the example I linked to?
Yes I did. And it seems to work. I will test with another account this morning as well
Daniel,
It works!! Thanks for the assistance.
1 Like