LDAP multiple group_search_base_dns not respected #17137
Comments
Hi there!
Can you clarify that bit? Which version specifically do you use? Or is it just any 6.x?
Hi @markelog Any 6.x version.. (I doubt the exists in 5.x as well..)
Gotcha! Thanks :)
We are now refactoring LDAP logic, so I'm hoping to check this issue as well.
Hi @markelog. Thanks for the update. We would like to see some enhancements as well.
QQ: Are there any limitations on the number of mappings we can configure in LDAP? In large companies, we used to have 30 to 50 orgs, one for each team. Each org has 5-10 viewer AD groups and a couple of editor AD groups. So it is painful to maintain a big LDAP.toml file. PS: Please don't let me down by saying "These features will be available in commercial / paid version" 😄
Requested feedback from our grafana enterprise master @xlson about this :).
I don't think so, do you have any particular issues with it?
Mm, do you have any suggestions in mind on how to improve it? How many users in total are we talking about?
There are no plans like that, and those features do not look like enterprise ones to me :).
Hi @markelog. Thanks for the response. We have 1000+ users spread across 56 Orgs/teams. Each grafana org has 4 to 10 ldap mappings.
LDAP config file may be reconfigured something like this..
or something like this
whichever works well..
Thanks for the numbers! We are currently doing benchmarks with LDAP stuff, so it's very useful.
Interesting, looks concise to me, we would have to consider the back-compat tho. Also, this -
Will be available in 6.2 (we have not yet documented it tho). In a nutshell, you would need to send a POST request to
Adding a data-point to this; I have an AD forest that I'm querying, and based on the documentation I have done the following with Grafana 6.5.1 (grafana/grafana:latest on Docker Hub)
What happened:
When using multiple group_search_base_dns in LDAP.toml, only the first entry in that array is used.
I confirmed this by swapping the order of the entries. Whatever the order, only the first is considered.
After enabling the logging, it does show groups from only the first entry.
Similar issue reported earlier in this grafana community page
Environment: