On Mon, Mar 3, 2025 at 7:07 PM Michael Peddie michael.peddie@gallagher.com wrote:
Hi Milosz,
I don't think what I did is exactly what you asked for, but it shows exactly how I've done it and provides access to you. I created a fork and just added the lines in there, the links to each addition are:
- init var to None
https://gitlab.com/MichaelPed/lava/-/blob/master/lava_server/settings/common...
- get config value with values.get()
https://gitlab.com/MichaelPed/lava/-/blob/master/lava_server/settings/common...
- run if and eval config value and set
https://gitlab.com/MichaelPed/lava/-/blob/master/lava_server/settings/common...
Feel free to work with it as you like, I made no other changes elsewhere other than maybe a print in the addldapuser command code to see the value of settings.AUTH_LDAP_MIRROR_GROUPS (which showed it was correctly set everytime, as far as I could tell). If you need anything more from me, let me know and I will do my best.
This is good enough.
If I read the docs correctly this setting should be either set to "True" or to a list of groups you want to mirror: https://django-auth-ldap.readthedocs.io/en/latest/reference.html#std-setting...
I think the last part of this patch isn't really needed (lines 533-536). If you have AUTH_LDAP_MIRROR_GROUPS in your settings as described here https://docs.lavasoftware.org/lava/authentication.html it should be sufficient. Note, that the groups are only updated when user is authenticated through LDAP.
I don't have access to LDAP at this moment, so I can't test it, but IMHO your patch looks OK and should work. Try removing the lines 533-536, restarting and re-logging.
I hope it helps.
Best Regards, Milosz