I’m using Grafana version 4.6.3 installed on a CentOS 6 machine with LDAP integration.
All users in our company should have the Editor role in the main (default) org, except one group which should be restricted to the main org, and they need access to a dedicated org (org_id=3).
#All users getting Editor on main Org
[[servers.group_mappings]]
group_dn = "*"
org_role = "Editor"
Now when a user from the excluded group logs in, he has access to both the main org and the dedicated org (org_id=3).
According to the documentation, the first group mapping that is matched will be used for LDAP sync. If you have LDAP users that fit multiple mappings, the topmost mapping in the TOML config will be used.
It seems that this is not the expected behavior, or I misunderstood the documentation above.
How can I achieve the exception group behavior, where one group should get only org_id=3 while all the others should have access to org_id=1?
Please enable verbose logging and check the Grafana server log when a user from the excluded group authenticates. Include the result here for further support.
# Set to true to log user information returned from LDAP
verbose_logging = true
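The mapping rule quoted in the question can be modeled to see why a wildcard mapping still grants the main org to the excluded group. This is an added example, not Grafana's code and not part of the original posts. It assumes "first match wins" is applied separately per org_id and that a mapping without org_id targets org 1; the group DN, the role for org 3 and the function names are constructed placeholders.

```python
# Added illustration: a simplified model of LDAP group-mapping evaluation.
# Assumption (not stated in the thread): mappings are walked top to bottom and
# the first match is kept per org_id, so one user can end up in several orgs.

def resolve_org_roles(user_groups, mappings):
    """Return {org_id: role}; the topmost matching mapping wins for each org."""
    groups = set(user_groups)
    roles = {}
    for m in mappings:                        # topmost mapping first
        dn = m["group_dn"]
        matched = dn == "*" or dn in groups   # "*" matches every user
        org_id = m.get("org_id", 1)           # assumed default: main org (id 1)
        if matched and org_id not in roles:
            roles[org_id] = m["org_role"]
    return roles


def orgs_to_review(user_groups, mappings, allowed_orgs):
    """Orgs a user would receive beyond the ones intended for them."""
    granted = resolve_org_roles(user_groups, mappings)
    return sorted(set(granted) - set(allowed_orgs))


# Constructed sample data; these DNs are placeholders, not from the thread.
RESTRICTED_DN = "cn=restricted,ou=groups,dc=example,dc=org"
STAFF_DN = "cn=staff,ou=groups,dc=example,dc=org"

MAPPINGS = [
    # Dedicated org for the excluded group (role chosen for illustration).
    {"group_dn": RESTRICTED_DN, "org_id": 3, "org_role": "Editor"},
    # The wildcard mapping from the question: everyone gets Editor in org 1.
    {"group_dn": "*", "org_role": "Editor"},
]

if __name__ == "__main__":
    print(resolve_org_roles([RESTRICTED_DN], MAPPINGS))   # both orgs granted
    print(resolve_org_roles([STAFF_DN], MAPPINGS))        # main org only
    print(orgs_to_review([RESTRICTED_DN], MAPPINGS, allowed_orgs=[3]))
```

Under this model, reordering the mappings does not remove org 1 from the excluded group, because the wildcard is the only mapping for org 1 and it matches every user.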