We have a setup where LDAP is enabled and LDAP users are mapped to one org. We have other organizations, where users are manually created. However, when any user - including non-LDAP users - try to change their password from their user preferences page, they are shown a message
You cannot change password when ldap or auth proxy authentication is enabled.
Is this by design, or am I missing something? Should Grafana not keep track of which users are managed via LDAP and which are “internal” users managed by Grafana, and allow the latter to change their passwords? By the way, it does seem possible to change all user passwords from the Server Admin page (even for LDAP users…)
Thanks for the clarification, I suppose that makes sense for the majority of use cases.
Quick follow-up question: if we turn off LDAP authentication, would all users that were enrolled through LDAP be “lost”? Or would they remain in the local database (perhaps with passwords needing to be reset)? We’re looking to transition away from LDAP, and would like for it to be relatively painless
