Auth: auto assign org id when logging in with ldap #80470
Conversation
dmihai
changed the title
| Email: id.Email, | ||
| Name: id.Name, | ||
| IsAdmin: isAdmin, | ||
| OrgID: id.OrgID, |
There was a problem hiding this comment.
I'm guessing it's because we assume the user orgs will be handled in https://github.com/grafana/grafana/blob/63cd5a5625c22dcb5603b10d54228363bcaa70a6/pkg/services/authn/authnimpl/sync/org_sync.go ?
Can't think right now of side effects of this
There was a problem hiding this comment.
Me neither. But I think we need to set SkipOrgSetup: len(id.OrgRoles) > 0
There was a problem hiding this comment.
If I'm setting SkipOrgSetup then the org id won't be auto assigned with the value from the ini file. Maybe we can come up with a better condition here, something like len(id.OrgRoles) > 0 and id is not coming from ldap, but I don't know if we can do that.
| orgID := r.OrgID | ||
| if orgID == 0 { | ||
| orgID = identity.OrgID | ||
| } | ||
|
|
There was a problem hiding this comment.
This can probably break some things, I think orgID = 0 is used in some global contexts
There was a problem hiding this comment.
I made some tests without this part and it seems to be working as well. I think I can remove it and leave only the changes from the s.userService.Create func parameters from this file.
|
Closed in favour of #83918. |
What is this feature?
Use AutoAssignOrgId from config as default org.
Why do we need this feature?
[Add a description of the problem the feature is trying to solve.]
Who is this feature for?
[Add information on what kind of user the feature is for.]
Which issue(s) does this PR fix?:
Fixes https://github.com/grafana/support-escalations/issues/8661.
Special notes for your reviewer:
Please check that: