Servers.group_mappings with auth.proxy


#1

Hi all,

I am using LDAP with servers.group_mappings config, with 1 org for 1 user schema. (I have around 200 users, so 200 orgs)
I use LDAP authentication, and it works great.

I want to delegate authentication to SSO server (with same LDAP in backend), in order to avoid unnecessary logins.
I have setup apache server with auth_mod_cas, and login is OK.

My problem is that I does not longer have servers.group_mappings support, so all my users fall into Main Org.

Is there a way for me to get this back ? (I get LDAP group attribute available in set of attributes SSO server delivers to apache whern login is OK)

Thanks
Thomas


#2

reply to myself, we can use both auth.proxy and ldap config


#3

Hi Thomas,

I’m facing exactly the same challenge however my SSO/SAML authentication is independent of my LDAP servers. (the group membership assertions are different than the group names in LDAP).
We’ve been using LDAP authentication and based on group membership assigned the orgs.
Now I’m missing that feature in Grafana the same way as it was possible with LDAP.

I guess you just kept the LDAP.toml config and just disabled auth.ldap? Or how is your setup?

Thanks,
Reinhard