fix(ldap): fixed issue with ldap group to grafana org role syncing, #1450

10 years ago · 50895c7e37
parent 66a37aa945
commit 50895c7e37
2 changed files with 21 additions and 0 deletions
--- a/pkg/login/ldap.go
+++ b/pkg/login/ldap.go
@ -172,6 +172,7 @@ func (a *ldapAuther) syncOrgRoles(user *m.User, ldapUser *ldapUserInfo) error {
 		for _, org := range orgsQuery.Result {
 			if group.OrgId == org.OrgId {
 				match = true
+				break
 			}
 		}

@ -181,6 +182,7 @@ func (a *ldapAuther) syncOrgRoles(user *m.User, ldapUser *ldapUserInfo) error {
 			if err := bus.Dispatch(&cmd); err != nil {
 				return err
 			}
+			break
 		}
 	}

--- a/pkg/login/ldap_test.go
+++ b/pkg/login/ldap_test.go
@ -178,6 +178,25 @@ func TestLdapAuther(t *testing.T) {
 			})
 		})

+		ldapAutherScenario("given multiple matching ldap groups and no existing groups", func(sc *scenarioContext) {
+			ldapAuther := NewLdapAuthenticator(&LdapServerConf{
+				LdapGroups: []*LdapGroupToOrgRole{
+					{GroupDN: "cn=admins", OrgId: 1, OrgRole: "Admin"},
+					{GroupDN: "*", OrgId: 1, OrgRole: "Viewer"},
+				},
+			})
+
+			sc.userOrgsQueryReturns([]*m.UserOrgDTO{})
+			err := ldapAuther.syncOrgRoles(&m.User{}, &ldapUserInfo{
+				MemberOf: []string{"cn=admins"},
+			})
+
+			Convey("Should take first match, and ignore subsequent matches", func() {
+				So(err, ShouldBeNil)
+				So(sc.addOrgUserCmd.Role, ShouldEqual, m.ROLE_ADMIN)
+			})
+		})
+
 	})
 }