From dfd65537ed68b3862b809f1ebf04577f6be6895e Mon Sep 17 00:00:00 2001
From: Ken <8758440+k-304@users.noreply.github.com>
Date: Mon, 15 Apr 2024 15:34:39 +0200
Subject: [PATCH] Merge pull request #21 from k-304/netbox-ldap-standby Allow enabling/disabling of LDPA always update user option (#21) * Allow enabling/disabling of ldap always update user option * Fix typo
---
 ansible/roles/netbox/defaults/main.yml | 8 ++++++++
 .../templates/usr/local/lib/netbox/ldap_config.py.j2 | 3 +++
 2 files changed, 11 insertions(+)
diff --git a/ansible/roles/netbox/defaults/main.yml b/ansible/roles/netbox/defaults/main.yml
index 8d16a2d5ea..ec8461898f 100644
--- a/ansible/roles/netbox/defaults/main.yml
+++ b/ansible/roles/netbox/defaults/main.yml
@@ -510,7 +510,15 @@ netbox__ldap_object_owner_rdn: 'uid={{ lookup("env", "USER") }}' netbox__ldap_object_ownerdn: '{{ ([ netbox__ldap_object_owner_rdn, netbox__ldap_people_rdn ] + netbox__ldap_base_dn) | join(",") }}' # ]]] + +# .. envvar:: netbox__ldap_always_update_user [[[ +# +# Always update users in database upon login. +# Needs False for secondary nodes with read-only Database. +netbox__ldap_always_update_user: True # ]]] + # ]]] + # LDAP connection options [[[ # ---------------------------
diff --git a/ansible/roles/netbox/templates/usr/local/lib/netbox/ldap_config.py.j2 b/ansible/roles/netbox/templates/usr/local/lib/netbox/ldap_config.py.j2
index b96b43bf0b..c5699edb43 100644
--- a/ansible/roles/netbox/templates/usr/local/lib/netbox/ldap_config.py.j2
+++ b/ansible/roles/netbox/templates/usr/local/lib/netbox/ldap_config.py.j2
@@ -88,3 +88,6 @@ AUTH_LDAP_USER_ATTR_MAP = {
 "last_name": environ.get('AUTH_LDAP_ATTR_LASTNAME', 'sn'),
 "email": environ.get('AUTH_LDAP_ATTR_MAIL', 'mailAddress')
 }
+
+# Set to False to allow LDAP logins on secondary (read-only DB) instances
+AUTH_LDAP_ALWAYS_UPDATE_USER = {{ netbox__ldap_always_update_user }}
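Review bot: The comment added above `netbox__ldap_always_update_user` in defaults/main.yml says when `False` is needed but not what it costs. Per the django-auth-ldap documentation, with this option off a user object is populated from the directory only when it is first created, so later LDAP changes are not applied at login on that node; this appears to include flags derived from group membership, which is worth confirming. I would add a line such as `# With False, existing accounts are not refreshed from LDAP at login; use only on read-only replicas.` so that nobody turns it off on a primary by accident.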
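Review bot: The last added line of ldap_config.py.j2 writes the Ansible value into the Python settings file verbatim, so the result is valid only when the variable is a real YAML boolean. A string value (for example `false` or `no` given with `-e` or quoted in the inventory) would be rendered as a bare name and the settings module would fail to load. Normalising it in the template avoids that: `AUTH_LDAP_ALWAYS_UPDATE_USER = {{ netbox__ldap_always_update_user | bool }}`. The rest of the file is outside the hunk, so it cannot be checked from here whether other settings in it still cause database writes at login.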