Auth.proxy and auth.ldap enabled. LDAP Admin user screw up after the organization creation

Hello there,

This issue looks very similar to LDAP auth - strange behaviour upon first login

My goal is a classic one: to have n ldap groups mapped against n different organizations. In the ldap.tmol my servers group mapping look like this:

group_dn = "CN=group1, OU=Workgroups,DC=mycompany,DC=com"
org_role = "Admin"
org_id = 1

group_dn = "CN=group2, OU=Workgroups,DC=mycompany,DC=com"
org_role = "Admin"
org_id = 2

My admin_user belongs to group1.

The issue:

  1. I login with my admin_user. It works! In the console I can see something like: *msg=“Got Ldap User Info” logger=ldap user="(login.LdapUserInfo)…
  2. I create the organizations
  3. I logout
  4. In the next login with admin_user I get Failed to sync user in the web browser, and in the console: Cannot remove last organization admin

I have found a workaround that is login with one user that belongs to each of the organizations. After I have one user per organization the admin_user can login again. For my dev environment this can be OK, but for a production setup (apache httpd + shibboleth + grafana) does not seem very convenient…

Any thoughts on this?

Thanks in advance,


ps: Thanks for the Grafana Authproxy article, very useful and works like a charm!

Grafana version: Grafana v4.6.3 (commit: 7a06a47). Built from grafana/grafana docker image

This should be fixed in Grafana >=5.1, can you try upgrading?