
fix(ldap): minor fixes, should not have any real impact, #2421

Torkel Ödegaard 10 years ago
parent
commit
6d6c9b782b
3 changed files with 7 additions and 4 deletions
  1. 1 1
      conf/ldap.toml
  2. 2 1
      pkg/login/ldap.go
  3. 4 2
      pkg/login/ldap_test.go

+ 1 - 1
conf/ldap.toml

@@ -36,7 +36,7 @@ org_role = "Admin"
 # The Grafana organization database id, optional, if left out the default org (id 1) will be used
 # org_id = 1
 
-[[server.group_mappings]]
+[[servers.group_mappings]]
 group_dn = "cn=users,dc=grafana,dc=org"
 org_role = "Editor"
 

+ 2 - 1
pkg/login/ldap.go

@@ -85,11 +85,12 @@ func (a *ldapAuther) getGrafanaUserFor(ldapUser *ldapUserInfo) (*m.User, error)
 	for _, ldapGroup := range a.server.LdapGroups {
 		if ldapUser.isMemberOf(ldapGroup.GroupDN) {
 			access = true
+			break
 		}
 	}
 
 	if !access {
-		log.Info("Ldap Auth: user %s does not belong in any of the specified ldap groups", ldapUser.Username)
+		log.Info("Ldap Auth: user %s does not belong in any of the specified ldap groups, ldapUser groups: %v", ldapUser.Username, ldapUser.MemberOf)
 		return nil, ErrInvalidCredentials
 	}
 
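Review bot: The new `log.Info` line writes the rejected user's full `ldapUser.MemberOf` list at Info level, so every denied login puts that account's directory group DNs into the default log stream. That helps while debugging a mapping, but it is directory data that log readers may not otherwise be entitled to see; I would keep the original Info message and emit the group list only at debug level, e.g. `log.Debug("Ldap Auth: user %s groups: %v", ldapUser.Username, ldapUser.MemberOf)`. The same branch returns `ErrInvalidCredentials` for what is an authorization failure, presumably on purpose so the caller does not reveal that the bind succeeded, and a one-line comment such as `// authenticated but in no mapped group; reported as invalid credentials on purpose` would record that. getGrafanaUserFor starts and ends outside the hunk.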

+ 4 - 2
pkg/login/ldap_test.go

@@ -54,7 +54,9 @@ func TestLdapAuther(t *testing.T) {
 		ldapAutherScenario("Given no existing grafana user", func(sc *scenarioContext) {
 			ldapAuther := NewLdapAuthenticator(&LdapServerConf{
 				LdapGroups: []*LdapGroupToOrgRole{
-					{GroupDN: "cn=users", OrgRole: "Admin"},
+					{GroupDN: "cn=admin", OrgRole: "Admin"},
+					{GroupDN: "cn=editor", OrgRole: "Editor"},
+					{GroupDN: "*", OrgRole: "Viewer"},
 				},
 			})
 
@@ -63,7 +65,7 @@ func TestLdapAuther(t *testing.T) {
 			result, err := ldapAuther.getGrafanaUserFor(&ldapUserInfo{
 				Username: "torkelo",
 				Email:    "my@email.com",
-				MemberOf: []string{"cn=users"},
+				MemberOf: []string{"cn=editor"},
 			})
 
 			So(err, ShouldBeNil)
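Review bot: With three mappings in the fixture and `MemberOf: []string{"cn=editor"}`, the only assertion visible in this hunk is `So(err, ShouldBeNil)`, which would also pass if the user were resolved through the `"*"` entry as Viewer or wrongly as Admin. If the lines after the hunk do not already do so, assert the role that was chosen, and add a scenario whose `MemberOf` matches no mapping, in a fixture without `"*"`, that expects `ErrInvalidCredentials`, since that denial path is the one the ldap.go change touches. A short comment on the wildcard entry (`// "*" matches any user; keep it last`) would help, assuming that is how `isMemberOf` treats it, which is not visible here. The scenario body continues outside the hunk.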