[Feature Request] Add grafana.ini-settings to change behavior of allowed invites to account for enterprisey environments

[PaulKlumpp]

• I'm submitting a ...

• Bug report
• Feature request
• Question / Support request: Please do not open a github issue. Support Options

..in relation to Issue #6567, we need a grafana.ini-setting(s) that controls whether..

• Org-Admins are allowed to invite people that can't be found through the LDAP-settings (username or email attribute in LDAP).
• Org-Admins are allowed to invite people by an external email-address (an email-address that's not found inside LDAP or local grafana-db)

Please include this information:

• What Grafana version are you using?
  v3.1.1 (commit: a4d2708)
• What datasource are you using?
  Elasticsearch/InfluxDB
• What OS are you running grafana on?
  Linux, RHEL 7.2
• What did you do?
  I invited a user by an email address. Only LDAP signups are allowed and general user signup is disallowed.
• What was the expected result?
  I expected that it would deny my Invite if I gave an email address, because I only allow LDAP users to sign up and log in. So, it would allow my invite if I gave an LDAP-user with that username or an LDAP-user with that email address.
• What happened instead?
  It created a new user with an email-address as "username" in the grafana-db. That user is a local user. Thus, the user could login and was then part of that organization he was invited to.

Corresponding settings could look like this in grafana.ini - using a new section to control it:

[invites]
enabled = true
allow_by_email = true
allow_external_emails = false
allow_by_username = true
search_db = true
search_ldap = true

In this constellation, it would be..

• generally allowed to invite someone.
• allowed to invite someone by an email address.
  • grafana would then look through existing users having that email address in the grafana-db.
  • if not found already: grafana would need to look through existing users having that email address in ldap, if ldap-configuration is set (see email attribute).
• allowed to invite someone by a username.
  • grafana would need to look through existing users having that username in grafana-db
  • if not found already: grafana would need to look through existing users having that username in ldap, if ldap-configuration is set (see username attribute)

If search_ldap was false, it would not try to get a user from LDAP and only search the grafana-db.

If not even found in grafana-db and the invite given was an email address, it would need allow_external_emails to be true to send an email to the outside world.

As first step in development the "enabled" key would kinda suffice. At the current behavior, I would disable invites.

[tcheronneau]

Any news on this topic ?
It seems to me it could be really important in a production environment to be able to deactivate invite.

[Hedinisey]

Still no news on this topic :(
This feature would be very useful!

[bogski87]

so was this implemented or not? A thread on the forums says the config documentation details how to disable invites but there is nothing in there and no options in the config file