You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Question / Support request: Please do not open a github issue. Support Options
..in relation to Issue #6567, we need a grafana.ini-setting(s) that controls whether..
Org-Admins are allowed to invite people that can't be found through the LDAP-settings (username or email attribute in LDAP).
Org-Admins are allowed to invite people by an external email-address (an email-address that's not found inside LDAP or local grafana-db)
Please include this information:
What Grafana version are you using?
v3.1.1 (commit: a4d2708)
What datasource are you using?
Elasticsearch/InfluxDB
What OS are you running grafana on?
Linux, RHEL 7.2
What did you do?
I invited a user by an email address. Only LDAP signups are allowed and general user signup is disallowed.
What was the expected result?
I expected that it would deny my Invite if I gave an email address, because I only allow LDAP users to sign up and log in. So, it would allow my invite if I gave an LDAP-user with that username or an LDAP-user with that email address.
What happened instead?
It created a new user with an email-address as "username" in the grafana-db. That user is a local user. Thus, the user could login and was then part of that organization he was invited to.
Corresponding settings could look like this in grafana.ini - using a new section to control it:
grafana would then look through existing users having that email address in the grafana-db.
if not found already: grafana would need to look through existing users having that email address in ldap, if ldap-configuration is set (see email attribute).
allowed to invite someone by a username.
grafana would need to look through existing users having that username in grafana-db
if not found already: grafana would need to look through existing users having that username in ldap, if ldap-configuration is set (see username attribute)
If search_ldap was false, it would not try to get a user from LDAP and only search the grafana-db.
If not even found in grafana-db and the invite given was an email address, it would need allow_external_emails to be true to send an email to the outside world.
As first step in development the "enabled" key would kinda suffice. At the current behavior, I would disable invites.
The text was updated successfully, but these errors were encountered:
so was this implemented or not? A thread on the forums says the config documentation details how to disable invites but there is nothing in there and no options in the config file
..in relation to Issue #6567, we need a grafana.ini-setting(s) that controls whether..
Please include this information:
v3.1.1 (commit: a4d2708)
Elasticsearch/InfluxDB
Linux, RHEL 7.2
I invited a user by an email address. Only LDAP signups are allowed and general user signup is disallowed.
I expected that it would deny my Invite if I gave an email address, because I only allow LDAP users to sign up and log in. So, it would allow my invite if I gave an LDAP-user with that username or an LDAP-user with that email address.
It created a new user with an email-address as "username" in the grafana-db. That user is a local user. Thus, the user could login and was then part of that organization he was invited to.
Corresponding settings could look like this in grafana.ini - using a new section to control it:
In this constellation, it would be..
If search_ldap was false, it would not try to get a user from LDAP and only search the grafana-db.
If not even found in grafana-db and the invite given was an email address, it would need allow_external_emails to be true to send an email to the outside world.
As first step in development the "enabled" key would kinda suffice. At the current behavior, I would disable invites.
The text was updated successfully, but these errors were encountered: