Auth Proxy improvements - adds the option to use ldap groups for authorization in combination with an auth proxy - adds an option to limit where auth proxy requests come from by configure a list of ip's - fixes a security issue, session could be reused

CHANGELOG.md

@@ -5,6 +5,7 @@
 * **Dashboard**: Posting empty dashboard result in corrupted dashboard [#5443](https://github.com/grafana/grafana/issues/5443)
 
 ### Enhancements
+* **Login**: Allow role and organisation mapping with ldap after Proxy auth. [#6895](https://github.com/grafana/grafana/pull/6895)
 * **Postgres**: Add support for Certs for Postgres database [#6655](https://github.com/grafana/grafana/issues/6655)
 * **Victorops**: Add VictorOps Notification Integration [#6411](https://github.com/grafana/grafana/issues/6411)
 * **Singlestat**: New aggregation on singlestat panel [#6740](https://github.com/grafana/grafana/pull/6740)

pkg/login/ldap_test.go

@@ -1,6 +1,7 @@
 package login
 
 import (
+	"crypto/tls"
 	"testing"
 
 	"github.com/go-ldap/ldap"
@@ -288,6 +289,10 @@ func (c *mockLdapConn) Search(*ldap.SearchRequest) (*ldap.SearchResult, error) {
 	return c.result, nil
 }
 
+func (c *mockLdapConn) StartTLS(*tls.Config) error {
+    return nil
+}
+
 func ldapAutherScenario(desc string, fn scenarioFunc) {
 	Convey(desc, func() {
 		defer bus.ClearBusHandlers()

pkg/middleware/auth_proxy_test.go

@@ -17,7 +17,7 @@ func TestAuthProxyWithLdapEnabled(t *testing.T) {
 		setting.AuthProxyLdapSyncTtl = 60
 
 		servers := []*login.LdapServerConf{{Host: "127.0.0.1"}}
-		login.ldapCfg = login.LdapConfig{Servers: servers}
+		login.LdapCfg = login.LdapConfig{Servers: servers}
 		mockLdapAuther := mockLdapAuthenticator{}
 
 		login.NewLdapAuthenticator = func(server *login.LdapServerConf) login.ILdapAuther {