Merge pull request #21 from k-304/netbox-ldap-standby

Allow enabling/disabling of LDPA always update user option (#21) * Allow enabling/disabling of ldap always update user option * Fix typo
cloudscale-ch · May 29, 2024 · d9171a0 · d9171a0
1 parent dc2a392
commit d9171a0
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 0 deletions.
diff --git a/ansible/roles/netbox/defaults/main.yml b/ansible/roles/netbox/defaults/main.yml
@@ -510,7 +510,15 @@ netbox__ldap_object_owner_rdn: 'uid={{ lookup("env", "USER") }}'
 netbox__ldap_object_ownerdn: '{{ ([netbox__ldap_object_owner_rdn, netbox__ldap_people_rdn]
                                   + netbox__ldap_base_dn) | join(",") }}'
                                                                    # ]]]
+
+# .. envvar:: netbox__ldap_always_update_user [[[
+#
+# Always update users in database upon login.
+# Needs False for secondary nodes with read-only Database.
+netbox__ldap_always_update_user: True
                                                                    # ]]]
+                                                                   # ]]]
+
 # LDAP connection options [[[
 # ---------------------------
 

diff --git a/ansible/roles/netbox/templates/usr/local/lib/netbox/ldap_config.py.j2 b/ansible/roles/netbox/templates/usr/local/lib/netbox/ldap_config.py.j2
@@ -88,3 +88,6 @@ AUTH_LDAP_USER_ATTR_MAP = {
     "last_name": environ.get('AUTH_LDAP_ATTR_LASTNAME', 'sn'),
     "email": environ.get('AUTH_LDAP_ATTR_MAIL', 'mailAddress')
 }
+
+# Set to False to allow LDAP logins on secondary (read-only DB) instances
+AUTH_LDAP_ALWAYS_UPDATE_USER = {{ netbox__ldap_always_update_user }}