Add AUTH_LDAP_ALWAY_UPDATE_USER to ldap config #1470
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This change exposes the Django setting AUTH_LDAP_ALWAYS_UPDATE_USER as environment variable to simplify deployments with readonly databases and LDAP based authentication as no extra file is required to be mounted into the container anymore.
tobiasge
approved these changes
Jun 23, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This change exposes the Django setting AUTH_LDAP_ALWAYS_UPDATE_USER as environment variable to simplify deployments with readonly databases and LDAP based authentication as no extra file is required to be mounted into the container anymore.
Related Issue: #1364
New Behavior
The Django Auth LDAP parameter AUTH_LDAP_ALWAYS_UPDATE_USER is exposed as environment variable.
Contrast to Current Behavior
To change the parameter from its default value (e.g. in readonly DB environments) it is required to create en extra file (extra.py) and mount it into the container.
Discussion: Benefits and Drawbacks
There are scenarios where NetBox might be deployed in Maintenance Mode connected to a readonly database in combination with LDAP based authentication. In this scenario, an additional Python configuration file has to be created to set the parameter AUTH_LDAP_ALWAYS_UPDATE_USER to False in order to prevent Django from updating the last_login field of the user.
This file as to be deployed and mounted into the container which unnecessarily increases deployment complexity.
With this change, the parameter can be specified via container environment variable along all other LDAP related settings.
Changes to the Wiki
None
Proposed Release Note Entry
Expose AUTH_LDAP_ALWAYS_UPDATE_USER via environment variable
Double Check
developbranch.