From b555ccd54937257db1eef4980301b4366da7750e Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens@goauthentik.io>
Date: Mon, 9 Jan 2023 17:19:50 +0100
Subject: [PATCH] sources/ldap: don't run membership sync if group sync is
 disabled

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

#4392
---
 authentik/sources/ldap/sync/membership.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/authentik/sources/ldap/sync/membership.py b/authentik/sources/ldap/sync/membership.py
index 8875fac7d..6343fbcef 100644
--- a/authentik/sources/ldap/sync/membership.py
+++ b/authentik/sources/ldap/sync/membership.py
@@ -22,6 +22,9 @@ class MembershipLDAPSynchronizer(BaseLDAPSynchronizer):
 
     def sync(self) -> int:
         """Iterate over all Users and assign Groups using memberOf Field"""
+        if not self._source.sync_groups:
+            self.message("Group syncing is disabled for this Source")
+            return -1
         groups = self._source.connection.extend.standard.paged_search(
             search_base=self.base_dn_groups,
             search_filter=self._source.group_object_filter,