LDAP: Add skip_org_role_sync configuration option (#56679)

* LDAP: Add skip_org_role_sync option * Document the new config option * Nit on docs * Update docs/sources/setup-grafana/configure-security/configure-authentication/ldap.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Docs suggestions Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> Co-authored-by: Jguer <joao.guerreiro@grafana.com> * Add test, Fix disabled user when no role Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> Co-authored-by: Jguer <joao.guerreiro@grafana.com>
2025-02-25 18:55:37 -06:00 · 2022-10-12 13:33:33 +02:00
parent 72b9555487
commit 10c080dad1
10 changed files with 175 additions and 12 deletions
--- a/public/app/features/admin/UserAdminPage.tsx
+++ b/public/app/features/admin/UserAdminPage.tsx
@@ -105,7 +105,7 @@ export class UserAdminPage extends PureComponent<Props> {

  render() {
    const { user, orgs, sessions, ldapSyncInfo, isLoading } = this.props;
-    const isLDAPUser = user && user.isExternal && user.authLabels && user.authLabels.includes('LDAP');
+    const isLDAPUser = user?.isExternal && user?.authLabels?.includes('LDAP');
    const canReadSessions = contextSrv.hasPermission(AccessControlAction.UsersAuthTokenList);
    const canReadLDAPStatus = contextSrv.hasPermission(AccessControlAction.LDAPStatusRead);
    const isOAuthUserWithSkippableSync =
@@ -113,9 +113,10 @@ export class UserAdminPage extends PureComponent<Props> {
    const isSAMLUser = user?.isExternal && user?.authLabels?.includes('SAML');
    const isUserSynced =
      !config.auth.DisableSyncLock &&
-      ((user?.isExternal && !(isOAuthUserWithSkippableSync || isSAMLUser)) ||
+      ((user?.isExternal && !(isOAuthUserWithSkippableSync || isSAMLUser || isLDAPUser)) ||
        (!config.auth.OAuthSkipOrgRoleUpdateSync && isOAuthUserWithSkippableSync) ||
-        (!config.auth.SAMLSkipOrgRoleSync && isSAMLUser));
+        (!config.auth.SAMLSkipOrgRoleSync && isSAMLUser) ||
+        (!config.auth.LDAPSkipOrgRoleSync && isLDAPUser));

    const pageNav: NavModelItem = {
      text: user?.login ?? '',
@@ -137,9 +138,13 @@ export class UserAdminPage extends PureComponent<Props> {
                onUserEnable={this.onUserEnable}
                onPasswordChange={this.onPasswordChange}
              />
-              {isLDAPUser && featureEnabled('ldapsync') && ldapSyncInfo && canReadLDAPStatus && (
-                <UserLdapSyncInfo ldapSyncInfo={ldapSyncInfo} user={user} onUserSync={this.onUserSync} />
-              )}
+              {!config.auth.LDAPSkipOrgRoleSync &&
+                isLDAPUser &&
+                featureEnabled('ldapsync') &&
+                ldapSyncInfo &&
+                canReadLDAPStatus && (
+                  <UserLdapSyncInfo ldapSyncInfo={ldapSyncInfo} user={user} onUserSync={this.onUserSync} />
+                )}
              <UserPermissions isGrafanaAdmin={user.isGrafanaAdmin} onGrafanaAdminChange={this.onGrafanaAdminChange} />
            </>
          )}