mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
LDAP: users without org mappings are marked as disabled (#26650)
* LDAP: users without org mappings are marked as disabled * Update pkg/services/ldap/ldap.go Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> * LDAP: verifies that unmapped users are tagged as isDisabled Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
This commit is contained in:
parent
35c67606ce
commit
c266f45858
@ -427,6 +427,12 @@ func (server *Server) buildGrafanaUser(user *ldap.Entry) (*models.ExternalUserIn
|
||||
}
|
||||
}
|
||||
|
||||
// If there are group org mappings configured, but no matching mappings,
|
||||
// the user will not be able to login and will be disabled
|
||||
if len(server.Config.Groups) > 0 && len(extUser.OrgRoles) == 0 {
|
||||
extUser.IsDisabled = true
|
||||
}
|
||||
|
||||
return extUser, nil
|
||||
}
|
||||
|
||||
|
@ -113,8 +113,37 @@ func TestLDAPPrivateMethods(t *testing.T) {
|
||||
result, err := server.serializeUsers(users)
|
||||
|
||||
So(err, ShouldBeNil)
|
||||
So(result[0].IsDisabled, ShouldBeFalse)
|
||||
So(result[0].Name, ShouldEqual, "Roel")
|
||||
})
|
||||
|
||||
Convey("a user without matching groups should be marked as disabled", func() {
|
||||
server := &Server{
|
||||
Config: &ServerConfig{
|
||||
Groups: []*GroupToOrgRole{{
|
||||
GroupDN: "foo",
|
||||
OrgId: 1,
|
||||
OrgRole: models.ROLE_EDITOR,
|
||||
}},
|
||||
},
|
||||
Connection: &MockConnection{},
|
||||
log: log.New("test-logger"),
|
||||
}
|
||||
|
||||
entry := ldap.Entry{
|
||||
DN: "dn",
|
||||
Attributes: []*ldap.EntryAttribute{
|
||||
{Name: "memberof", Values: []string{"admins"}},
|
||||
},
|
||||
}
|
||||
users := []*ldap.Entry{&entry}
|
||||
|
||||
result, err := server.serializeUsers(users)
|
||||
|
||||
So(err, ShouldBeNil)
|
||||
So(len(result), ShouldEqual, 1)
|
||||
So(result[0].IsDisabled, ShouldBeTrue)
|
||||
})
|
||||
})
|
||||
|
||||
Convey("validateGrafanaUser()", t, func() {
|
||||
|
Loading…
Reference in New Issue
Block a user