src/authentic2/backends/ldap_backend.py

@@ -549,6 +549,7 @@ class LDAPBackend:
         'page_size': 100,
         'authentication': True,
         'provisionning': True,
+        'synchronisation': True,
     }
     _REQUIRED = ('url', 'basedn')
     _TO_ITERABLE = ('url', 'groupsu', 'groupstaff', 'groupactive')
@@ -1645,6 +1646,9 @@ class LDAPBackend:
 
     @classmethod
     def get_users_for_block(cls, block):
+        if not block['synchronisation']:
+            log.info('Synchronization deactivated for realm "%s"', block['realm'])
+            return
         log.info('Synchronising users from realm "%s"', block['realm'])
         conn = cls.get_connection(block, synchronization=True)
         if conn is None:

tests/test_ldap.py

@@ -317,6 +317,31 @@ def test_connection_timeout_options(slapd, wraps_ldap_set_option, db, settings):
     assert network_timeout_set
 
 
+def test_connection_get_users_with_deactivated_sync(slapd, db, settings, caplog):
+    settings.LDAP_AUTH_SETTINGS = [
+        {
+            'url': [slapd.ldap_url],
+            'basedn': 'o=ôrga',
+            'bindsasl': (),
+            'binddn': force_str(DN),
+            'bindpw': PASS,
+            'global_ldap_options': {},
+            'require_cert': 'demand',
+            'cacertfile': '',
+            'cacertdir': '',
+            'certfile': cert_file,
+            'keyfile': key_file,
+            'use_tls': False,
+            'referrals': False,
+            'ldap_options': {},
+            'connect_with_user_credentials': True,
+            'synchronisation': False,
+        }
+    ]
+    assert len(list(ldap_backend.LDAPBackend.get_users())) == 0
+    assert 'Synchronization deactivated for realm "ldap"' in caplog.text
+
+
 def test_simple(slapd, settings, client, db):
     settings.LDAP_AUTH_SETTINGS = [
         {