I’m trying to achieve configuration where there are 5 organizations in grafana and I can manipulate membership and roles in this configuration simply by adding/removing LDAP users from groups. For ex. member of LDAP group
grafana_1_admins should be an Admin in “Org #1”, member of group `grafana_3_viewers should be a Viewer in “Org #3” and so on.
In order to achieve this I’ve made following steps:
- Login as default admin user,
- Create organizations “Org #1”, “Org #2”, etc.
- Delete organization “admin@localhost” (default created after login).
With this setup I was expecting that after LDAP user log in to grafana, he will be dropped into first organization matched by LDAP group mappings rules. Instead of that, I’m getting error “Cannot remove last organization admin”. After turning
auto_assign_org param on, LDAP user is able to log in, but “Main Org” is automatically created and user is dropped into that organisation. I can for sure tell that group mappings are correct because user is also assigned to properly mapped organisations.
What can I do to achieve the desired setup?