I've set up LDAP authentication to my AD, which is working correctly. I created two groups: “Grafana-Admins” and “Grafana-Editors”. When I add users directly to these groups, it works. But if I add another group as a nested member to these groups, it does not. I read the documentation on this issue but honestly it just made me more confused, and every group search filter I try to set up does not work.
This is my current ldap.toml:

```toml
[[servers]]
host = "my-dc-1 my-dc-2"
port = 3269
use_ssl = true
start_tls = false
ssl_skip_verify = true
# Search user bind dn
bind_dn = "CORP\\%s"
search_filter = "(sAMAccountName=%s)"
# An array of base dns to search through
search_base_dns = ["dc=corp,dc=mydc,dc=com"]
group_search_filter = "(member:1.2.840.113518.104.22.1681:=cn=%s,ou=Outsourcing,ou=Domain Users,ou=mydomain)"
group_search_filter_user_attribute = "cn"

[servers.attributes]
name = "givenName"
surname = "sn"
username = "sAMAccountName"
member_of = "memberOf"
email = "mail"

[[servers.group_mappings]]
group_dn = "cn=Grafana-Admins,ou=Domain Groups,ou=mydomain,dc=corp,dc=mydc,dc=com"
org_role = "Admin"

[[servers.group_mappings]]
group_dn = "cn=Grafana-Editors,ou=Domain Groups,ou=mydomain,dc=corp,dc=mydc,dc=com"
org_role = "Editor"
```
Can anyone give me an example of a group search filter which will work correctly and identify all groups, including nested ones? Or tell me what’s wrong with my current one?
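As an added, offline-runnable illustration (not part of the original post and not Grafana's own code) of what a nested-group filter for Active Directory looks like and how to sanity-check one before putting it in ldap.toml: Active Directory resolves transitive group membership through the extensible-match rule LDAP_MATCHING_RULE_IN_CHAIN, whose OID is 1.2.840.113556.1.4.1941, applied to the `member` attribute with the user's full DN as the value. The helpers below build such a filter, escape the substituted value per RFC 4515, and flag common template mistakes (wrong OID, missing `%s`, a partial DN wrapped around the placeholder). The assumption here is that Grafana substitutes `%s` with the attribute named in `group_search_filter_user_attribute`, set to the user's DN; the sample DN is constructed for the example.

```python
import re

# OID of Active Directory's LDAP_MATCHING_RULE_IN_CHAIN: a "member" comparison
# using this rule follows group nesting transitively, so a user who is only
# a member of a group nested inside Grafana-Admins still matches.
IN_CHAIN_OID = "1.2.840.113556.1.4.1941"

# Template for Grafana's group_search_filter. Assumption: %s is replaced with
# the user's full DN (group_search_filter_user_attribute pointing at the DN).
NESTED_GROUP_FILTER = f"(member:{IN_CHAIN_OID}:=%s)"

# RFC 4515 escapes for characters that would otherwise change filter syntax.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

# Matches a single extensible-match filter: (attribute:OID:=value)
_EXTENSIBLE = re.compile(
    r"^\((?P<attr>[A-Za-z][\w-]*):(?P<oid>[0-9]+(?:\.[0-9]+)+):=(?P<value>.*)\)$"
)


def escape_filter_value(value: str) -> str:
    """Escape a value for safe use inside an LDAP search filter (RFC 4515)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def render_filter(template: str, user_value: str) -> str:
    """Substitute the %s placeholder with an escaped per-user value.

    Escaping matters because a DN such as "CN=Smith (Bob),..." contains
    parentheses that would otherwise break the filter's structure.
    """
    return template.replace("%s", escape_filter_value(user_value))


def check_nested_filter(template: str) -> list:
    """Return a list of problems found in a nested-group filter template.

    An empty list means the template has the shape AD expects for
    transitive membership lookups.
    """
    problems = []
    m = _EXTENSIBLE.match(template)
    if not m:
        problems.append(
            "not a single extensible-match filter of the form (attr:OID:=value)"
        )
        return problems
    if m.group("oid") != IN_CHAIN_OID:
        problems.append(
            f"matching rule OID {m.group('oid')} is not "
            f"LDAP_MATCHING_RULE_IN_CHAIN ({IN_CHAIN_OID}); "
            "nested membership will not be followed"
        )
    value = m.group("value")
    if "%s" not in value:
        problems.append(
            "value contains no %s placeholder, so every user is checked "
            "against the same value"
        )
    elif value.strip() != "%s":
        problems.append(
            "value wraps %s in a partial DN; the in-chain rule compares the "
            "user's complete, exact DN, so substitute the whole DN instead"
        )
    return problems


if __name__ == "__main__":
    # Constructed sample DN for demonstration only.
    sample_dn = "CN=Smith (Bob),OU=Users,DC=corp,DC=example"
    print(render_filter(NESTED_GROUP_FILTER, sample_dn))
    print(check_nested_filter(NESTED_GROUP_FILTER))
```

The helper only checks the filter template; it does not talk to a directory. Once a template passes, the matching ldap.toml lines are `group_search_filter = "(member:1.2.840.113556.1.4.1941:=%s)"` together with `group_search_filter_user_attribute` set to the DN attribute (on Active Directory that is `distinguishedName`; treat that mapping as an assumption and confirm it against your Grafana version's LDAP docs). Separately, `ssl_skip_verify = true` disables certificate verification on the LDAPS bind channel, so it is worth turning back off once the group lookup works.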