From fa6324ab1d98cb21241ac03041350aa811e89bec Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Wed, 27 Oct 2021 15:43:56 +0200
Subject: [PATCH] sources/ldap: prevent key `users` from being set as this is
 an M2M relation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
---
 authentik/sources/ldap/sync/groups.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/authentik/sources/ldap/sync/groups.py b/authentik/sources/ldap/sync/groups.py
index 2563a034c..29e54fb31 100644
--- a/authentik/sources/ldap/sync/groups.py
+++ b/authentik/sources/ldap/sync/groups.py
@@ -40,6 +40,9 @@ class GroupLDAPSynchronizer(BaseLDAPSynchronizer):
                 self._logger.debug("Creating group with attributes", **defaults)
                 if "name" not in defaults:
                     raise IntegrityError("Name was not set by propertymappings")
+                # Special check for `users` field, as this is an M2M relation, and cannot be sync'd
+                if "users" in defaults:
+                    del defaults["users"]
                 ak_group, created = Group.objects.update_or_create(
                     **{
                         f"attributes__{LDAP_UNIQUENESS}": uniq,