Re: [netbox-discuss] ldap authentication


Alex Shishko

Jun 18, 2021, 2:13:33 PM
to sem, NetBox

Fri, Jun 18, 2021 at 12:45, sem <semvo...@gmail.com>:

Best,

I've set up Netbox with LDAP,

this config works

import ldap
from django_auth_ldap.config import LDAPSearch

AUTH_LDAP_SERVER_URI = "ldap://ldap.name.nl"

AUTH_LDAP_BIND_DN = "cn=admin,dc=name,dc=nl"
AUTH_LDAP_BIND_PASSWORD = "XXXXXXXX"
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=Users,dc=name,dc=nl",ldap.SCOPE_SUBTREE,"(sAMAccountName=%(user)s)")

AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,ou=users,dc=name,dc=nl"

#You can map user attributes to Django attributes as so.
AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail"
}

but when I use groups it won't work.
this is the config with groups:

import ldap
from django_auth_ldap.config import LDAPSearch, PosixGroupType

# Server URI
AUTH_LDAP_SERVER_URI = "ldap://ldap.name.nl"

# Set the DN and password for the NetBox service account.
AUTH_LDAP_BIND_DN = "cn=admin,dc=name,dc=nl"
AUTH_LDAP_BIND_PASSWORD = "i&TFD22VQ"

LDAP_IGNORE_CERT_ERRORS = True

AUTH_LDAP_USER_DN_TEMPLATE = "cn=%(user)s,ou=users,dc=name,dc=nl"

AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn",
}

AUTH_LDAP_GROUP_SEARCH = LDAPSearch("dc=name,dc=nl", ldap.SCOPE_SUBTREE, "(objectClass=PosixGroupType)")
AUTH_LDAP_GROUP_TYPE = PosixGroupType()

AUTH_LDAP_MIRROR_GROUPS = True
AUTH_LDAP_FIND_GROUP_PERMS = True

AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    "is_superuser": "cn=somegroup,ou=groups,dc=name,dc=nl",
}

I created in netbox a group with the same name in ldap but also no magic...

I use netbox(v2.11.6) debian 10 buster Python 3.7.3




Evan Brodie

Jun 18, 2021, 2:21:06 PM
to Alex Shishko, sem, NetBox
This is the config that I'm using that I got to work well with Active Directory:

import ldap, logging, logging.handlers
from django_auth_ldap.config import LDAPSearch, ActiveDirectoryGroupType

AUTH_LDAP_SERVER_URI = "ldap://domain_name.com"
AUTH_LDAP_CONNECTION_OPTIONS = { ldap.OPT_REFERRALS: 0 }
AUTH_LDAP_BIND_DN = "CN=netbox,CN=Users,DC=domain_name,DC=com"
AUTH_LDAP_BIND_PASSWORD = "#########"
LDAP_IGNORE_CERT_ERRORS = True

AUTH_LDAP_USER_SEARCH = LDAPSearch("DC=domain_name,DC=com", ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)")
AUTH_LDAP_USER_ATTR_MAP = {"first_name": "givenName", "last_name": "sn", "email": "mail",}

AUTH_LDAP_GROUP_SEARCH = LDAPSearch("DC=domain_name,DC=com", ldap.SCOPE_SUBTREE, "(objectCategory=Group)")
AUTH_LDAP_GROUP_TYPE = ActiveDirectoryGroupType(name_attr="cn")

AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    "is_staff": "cn=Technology,CN=Users,DC=domain_name,DC=com",
    "is_superuser": "cn=Technology,CN=Users,DC=domain_name,DC=com",
}

AUTH_LDAP_FIND_GROUP_PERMS = True
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_CACHE_TIMEOUT = 1
AUTHENTICATION_BACKENDS = (
    "django_auth_ldap.backend.LDAPBackend",
    "django.contrib.auth.backends.ModelBackend",
)

logfile = "/opt/netbox/logs/django-ldap-debug.log"
my_logger = logging.getLogger('django_auth_ldap')
my_logger.setLevel(logging.DEBUG)
handler = logging.handlers.RotatingFileHandler(
    logfile, maxBytes=1024 * 500, backupCount=5)
my_logger.addHandler(handler)
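
An added example, not part of the thread or of NetBox: a static check of an `ldap_config.py` that reports a cleartext bind, disabled certificate validation, and a group search filter that does not match the configured group type. The setting names come from the posts above plus django-auth-ldap's `AUTH_LDAP_START_TLS`; `audit_ldap_config`, the finding codes and the sample values are hypothetical.

```python
import ast
import re

# objectClass/objectCategory value each django-auth-ldap group type pairs with.
EXPECTED_CLASS = {
    "PosixGroupType": "posixgroup",
    "GroupOfNamesType": "groupofnames",
    "ActiveDirectoryGroupType": "group",
}

# Constructed sample (placeholder host, DNs and password), not a real deployment.
SAMPLE = '''
import ldap
from django_auth_ldap.config import LDAPSearch, PosixGroupType
AUTH_LDAP_SERVER_URI = "ldap://ldap.example.test"
AUTH_LDAP_BIND_PASSWORD = "placeholder"
LDAP_IGNORE_CERT_ERRORS = True
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("dc=example,dc=test", ldap.SCOPE_SUBTREE, "(objectClass=PosixGroupType)")
AUTH_LDAP_GROUP_TYPE = PosixGroupType()
'''

def audit_ldap_config(source):
    """Return finding codes for ldap_config.py text; the file is parsed, never executed."""
    values = {}
    for node in ast.parse(source).body:
        if isinstance(node, ast.Assign) and isinstance(node.targets[0], ast.Name):
            values[node.targets[0].id] = node.value
    def const(name, default):
        node = values.get(name)
        return node.value if isinstance(node, ast.Constant) else default
    findings = []
    # ldap:// without StartTLS sends the simple-bind password unencrypted.
    if str(const("AUTH_LDAP_SERVER_URI", "")).startswith("ldap://") and not const("AUTH_LDAP_START_TLS", False):
        findings.append("cleartext-bind")
    # Skipping certificate validation leaves the directory server unauthenticated.
    if const("LDAP_IGNORE_CERT_ERRORS", False):
        findings.append("cert-check-disabled")
    # A filter naming a class the group type does not use matches no group entries.
    search, gtype = values.get("AUTH_LDAP_GROUP_SEARCH"), values.get("AUTH_LDAP_GROUP_TYPE")
    if isinstance(search, ast.Call) and isinstance(gtype, ast.Call) and len(search.args) >= 3:
        expected = EXPECTED_CLASS.get(getattr(gtype.func, "id", ""))
        filt = search.args[2].value if isinstance(search.args[2], ast.Constant) else ""
        m = re.search(r"\(object(?:Class|Category)=([^)]+)\)", str(filt), re.I)
        if m and expected and m.group(1).strip().lower() != expected:
            findings.append("group-filter-mismatch")
    return findings

if __name__ == "__main__":
    print(audit_ldap_config(SAMPLE))
```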


Alex Shishko

Jul 15, 2021, 8:50:07 AM
to Evan Brodie, sem, NetBox
Thanks!

Fri, Jun 18, 2021 at 21:21, Evan Brodie <eabr...@gmail.com>: