Use LDAP user groups as variable in a dashboard?

  • What Grafana version and what operating system are you using?
    Version 10.1.4 (commit: a676a96d91, branch: HEAD)
  • What are you trying to achieve?
    We’re using LDAP for authentication for our users to be able to login. Ultimately, I would like to create a dashboard that a user can log in to and have some information displayed using their logged-in username as a variable to display things like quotas and usage. I’m currently doing this and it works correctly.

The piece I’m stumped on - I want to use their LDAP groups as a variable for the dashboard.

So, if user1 is in the groups: group1, group2, group3

A dashboard variable will be set up automatically for group1,group2,group3

And then I’ll have a row that repeats for each variable in the group variable.

  • How are you trying to achieve it?
    Our LDAP server doesn’t use the memberOf attribute but I found the lines
## Group search filter, to retrieve the groups of which the user is a member (only set if memberOf attribute is not available)
group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
## An array of the base DNs to search through for groups. Typically uses ou=groups
group_search_base_dns = ["ou=groups,dc=grafana,dc=org"]
## the %s in the search filter will be replaced with the attribute defined below
group_search_filter_user_attribute = "uid"

I’ve included that in the ldap.toml and restarted the server. My current version of grafana isn’t showing me anything on the admin panel related to LDAP other than a little “LDAP” next to the users entry under the Origin column in the Users Table. Documentation suggests that there should be a “LDAP” section I should be able to go to and debug?

  • What happened?
    I am able to connect as expected with an ldap user. I am not however seeing where the group information is listed, or a way to debug it - so I’m not sure how to proceed exactly.

Found that I needed to update to 10.1.5 to fix the LDAP not being seen in the authentication panel issue.

Attached is a screenshot of the test for a user. I’m not sure where I would expect group info to populate with my current config - but I’m not seeing it?