LDAP group_search_base_dns multiple DNs

#1

We have a rather large ADS installation, and I’m currently trying to specify two locations to search within group_search_base_dns.

The documentation seems to imply this an array so I’d think you could specify multiple locations to search for groups, but in testing this doesn’t seem to work and it only seems to look at memberships in the first location.

Currently the entry looks something like this:

group_search_base_dns = [“OU=Groups,OU=Department,OU=location,DC=ads,DC=example,DC=org”, “OU=Department,OU=Groups,OU=Managed,DC=ads,DC=example,DC=org”]

Only groups in the first location get processed. I’ve switched the order, so I know there is nothing wrong with group membership or issues reading the group objects. So am I reading the documentation wrong, or is this a bug?

Thanks,

Eric

1 Like
#2

in grafana.ini enable ldap logging:

[log]
filters = ldap:debug

Actually this should not be needed as it logs an Info message when search a user group dn. The code does loop through all group dns and search them all, maybe there is an error or something that is causing the second group not to be searched.

Please check you grafana.log

#3

@torkel I am also having same issue. Only the first entry works.