Josh,
I’ve messed around with it and it works for us. We’re using ldap:// and not ldaps://, though.
Here’s an excerpt of my ldap_config.py (IPs/users/passwords have been changed to protect the more-or-less innocent):
# Excerpt of a NetBox ldap_config.py. The `ldap` module (python-ldap) is used
# below, but its import is not part of this excerpt.
# Author's note: NestedGroupOfNamesType was probably added to the import list.
from django_auth_ldap.config import (
    GroupOfNamesType,
    LDAPSearch,
    NestedGroupOfNamesType,
)

# NOTE(review): a plain ldap:// URI carries the service-account bind and every
# user's login password unencrypted unless StartTLS is enabled. The excerpt
# does not show django-auth-ldap's AUTH_LDAP_START_TLS; an ldaps:// URI or
# StartTLS closes that gap.
AUTH_LDAP_SERVER_URI = "ldap://192.168.10.100"

# Referral chasing is switched off (a common choice against Active Directory).
AUTH_LDAP_CONNECTION_OPTIONS = {
    ldap.OPT_REFERRALS: 0,
}

# Service account used for the search bind. The values are placeholders (the
# author replaced the real ones). In a deployment this file holds a live
# credential: restrict its permissions to the NetBox service user, or load the
# secret from the environment or a secrets store instead of a literal.
AUTH_LDAP_BIND_DN = "CN=bindaccount,OU=ServiceAccounts,OU=Global,DC=corp,DC=local"
AUTH_LDAP_BIND_PASSWORD = "VerySecure"

# NOTE(review): in NetBox, True turns off validation of the LDAP server's
# certificate. Over plain ldap:// without StartTLS no certificate is involved,
# but if this file is later pointed at ldaps:// the flag would leave the
# connection unauthenticated. Prefer False plus a trusted CA certificate.
LDAP_IGNORE_CERT_ERRORS = True

# Find the user's entry by sAMAccountName anywhere below the given OU;
# django-auth-ldap substitutes the login name for %(user)s.
AUTH_LDAP_USER_SEARCH = LDAPSearch(
    "OU=Wherever,DC=corp,DC=local",
    ldap.SCOPE_SUBTREE,
    "(sAMAccountName=%(user)s)",
)

# Django user field -> LDAP attribute it is filled from.
AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail",
}

# Groups are looked up across the whole domain.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
    "DC=corp,DC=local",
    ldap.SCOPE_SUBTREE,
    "(objectClass=group)",
)

# Author's change: previously GroupOfNamesType(); the nested variant is used
# so that membership through nested groups is also resolved.
AUTH_LDAP_GROUP_TYPE = NestedGroupOfNamesType()

# Only members of this group may log in at all.
AUTH_LDAP_REQUIRE_GROUP = "CN=NetworkAdmins,OU=Groups,OU=Global,DC=corp,DC=local"

# Django user flags derived from group membership. is_superuser bypasses all
# permission checks, so keep the Network-SU group small and audited.
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    "is_active": "cn=Network-Staff,ou=Groups,ou=Global,dc=corp,dc=local",
    "is_staff": "cn=Network-Staff,ou=Groups,ou=Global,dc=corp,dc=local",
    "is_superuser": "cn=Network-SU,ou=Groups,ou=Global,dc=corp,dc=local",
}

# Grant permissions from Django groups named after the user's LDAP groups.
AUTH_LDAP_FIND_GROUP_PERMS = True

# Group memberships are cached for 3600 seconds, so removing someone from a
# group (including the login or superuser group) may take up to an hour to be
# reflected.
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600
I commented out the following:
### # Don't check the ldap server's certificate as much
### ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
###
### # Don't check the cert at all
### ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
I hope that helps a little,
Frank
import ldap
from django_auth_ldap.config import LDAPSearch, NestedGroupOfNamesType

# LDAP over TLS to the domain controller. With LDAP_IGNORE_CERT_ERRORS left at
# False (below), the server certificate has to validate against a CA that the
# NetBox host trusts.
AUTH_LDAP_SERVER_URI = "ldaps://domaincontroller1.domain.com"

# Referral chasing is switched off (a common choice against Active Directory).
AUTH_LDAP_CONNECTION_OPTIONS = {
    ldap.OPT_REFERRALS: 0,
}

# Service account used for the search bind. The password is stored as a
# literal in this file: restrict the file's permissions to the NetBox service
# user, or load the secret from the environment or a secrets store.
AUTH_LDAP_BIND_DN = "cn=NetBox,ou=Users,ou=Sample,dc=domain,dc=com"
AUTH_LDAP_BIND_PASSWORD = "CLEARtextPASSWORD!!!!"

# Certificate validation stays on (NetBox setting).
LDAP_IGNORE_CERT_ERRORS = False

# Find the user's entry by sAMAccountName anywhere in the domain;
# django-auth-ldap substitutes the login name for %(user)s.
AUTH_LDAP_USER_SEARCH = LDAPSearch(
    "dc=domain,dc=com",
    ldap.SCOPE_SUBTREE,
    "(sAMAccountName=%(user)s)",
)

# Django user field -> LDAP attribute it is filled from.
AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn",
}

# Groups are looked up across the whole domain; nested membership is resolved.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
    "dc=domain,dc=com",
    ldap.SCOPE_SUBTREE,
    "(objectClass=group)",
)
AUTH_LDAP_GROUP_TYPE = NestedGroupOfNamesType()

# Only members of this group may log in at all.
AUTH_LDAP_REQUIRE_GROUP = "cn=NetBox_Users,ou=Groups,ou=Sample,dc=domain,dc=com"

# NOTE(review): django-auth-ldap treats these keys as boolean fields on the
# Django user (for example is_active, is_staff, is_superuser). "Write" is not
# one of the standard fields, so this entry probably grants nothing. Confirm
# the intended flag.
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    "Write": "cn=NetBox_Users,ou=Groups,ou=Sample,dc=domain,dc=com",
}

# Grant permissions from Django groups named after the user's LDAP groups.
AUTH_LDAP_FIND_GROUP_PERMS = True

# Group memberships are cached for 3600 seconds, so removing someone from the
# login group may take up to an hour to be reflected.
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600