Today, the mapping between LDAP groups and organizations is in grafana toml, whereas the organizations are managed using the rest service (and stored in DB).
Moreover, the organization are reference by their id instead of full name (org path).
This causes updates to organizations to be very tricky : first, you creare org via REST service, then, you take the new orgId then you add the mapping between orgId and ldap group in the toml file, then, you restart grafana (in case of a HA grafana, the toml of all instances must be updated).
To simplify administration of Grafana, I think we lack functions (REST or CLI) to manage security mappings.
Do you know if they are in backlog ?
If not, what do you think about implementing such securtity API in a administration CLI ?