LDAP Authenticaion for Netbox? Help

2,588 views
Skip to first unread message

Joey Jojo

unread,
Oct 23, 2017, 8:03:27 PM10/23/17
to NetBox
Hello,

I am running an Ubuntu 14.04 Netbox Server which is just local authentication and I'd like to implement LDAP but it's proving harder to implement than expected.

I followed the instructions: https://netbox.readthedocs.io/en/stable/installation/ldap/ but after a reboot I get a 502 Bad Gateway Error. Is there something anything I have to do after creating this file? Anything I need to run before? 

My file ldap_config.py has errors I know it but I'm not sure what I have to change really. I'd like to just get it to work with authentication everyone first and then I can lock it down to just the Domain Admins group as I set in AUTH_LDAP_REQUIRE_GROUP but no matter what changes I make I keep getting the 502 Bad Gateway page. My LDAP_CONFIG.PY file looks like this:

import ldap

# Server URI
AUTH_LDAP_SERVER_URI = "ldaps://srvvandc01.domain.com:"

# The following may be needed if you are binding to Active Directory.
AUTH_LDAP_CONNECTION_OPTIONS = {
    ldap.OPT_REFERRALS: 0
}

# Set the DN and password for the NetBox service account.
AUTH_LDAP_BIND_DN = "CN=SnipeIT Connector,OU=Service_Accounts,DC=dhxmedia,DC=com"
AUTH_LDAP_BIND_PASSWORD = "Password"

# Include this setting if you want to ignore certificate errors. This might be needed to accept a self-signed cert.
# Note that this is a NetBox-specific setting which sets:
#     ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
LDAP_IGNORE_CERT_ERRORS = True

from django_auth_ldap.config import LDAPSearch

# This search matches users with the sAMAccountName equal to the provided username. This is required if the user's
# username is not in their DN (Active Directory).
AUTH_LDAP_USER_SEARCH = LDAPSearch("OU=Locations,DC=domain,DC=com",
                                    ldap.SCOPE_SUBTREE,
                                    "(sAMAccountName=%(user)s)")

# If a user's DN is producible from their username, we don't need to search.
AUTH_LDAP_USER_DN_TEMPLATE = None

# You can map user attributes to Django attributes as so.
AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn"
}

from django_auth_ldap.config import LDAPSearch, GroupOfNamesType

# This search ought to return all groups to which the user belongs. django_auth_ldap uses this to determine group
# heirarchy.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("DC=domain,DC=com", ldap.SCOPE_SUBTREE,
                                    "(objectClass=group)")
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()

# Define a group required to login.
AUTH_LDAP_REQUIRE_GROUP = "CN=Domain Admins,CN=Users,DC=domain,DC=com"

# Define special user types using groups. Exercise great caution when assigning superuser status.
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    "is_active": "cn=netbox-user,ou=security groups,ou=users,dc=domain,dc=com",
    "is_staff": "cn=netbox-user,ou=security groups,ou=users,dc=domain,dc=com"",
   "is_superuser": "cn=netbox-admin,ou=security groups,ou=users,dc=domain,dc=com""
}
# For more granular permissions, we can map LDAP groups to Django groups.
AUTH_LDAP_FIND_GROUP_PERMS = True

# Cache groups for one hour to reduce LDAP traffic
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600

Joey Jojo

unread,
Oct 26, 2017, 5:14:59 PM10/26/17
to NetBox
nobody really???!!! the documentation is poorly written for the LDAP integration

Richard Mayhew

unread,
Oct 26, 2017, 5:42:42 PM10/26/17
to NetBox

I'm successfully running Netbox with LDAP integration with a security group. I'll see if I can send you a copy of my configuration.

Message has been deleted

Richard Mayhew

unread,
Oct 27, 2017, 7:12:58 AM10/27/17
to NetBox
import ldap

AUTH_LDAP_SERVER_URI = "ldap://10.10.10.10"
AUTH_LDAP_CONNECTION_OPTIONS = {
            ldap.OPT_REFERRALS: 0
            }
AUTH_LDAP_BIND_DN = "cn=MyCN,ou=MyOU,ou=MyOU,dc=MyDC,dc=local"
AUTH_LDAP_BIND_PASSWORD = "PASSWORD"
LDAP_IGNORE_CERT_ERRORS = True

from django_auth_ldap.config import LDAPSearch

AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=MyOU,dc=MyDC,dc=local",
                                                    ldap.SCOPE_SUBTREE,
                                                    "(sAMAccountName=%(user)s)")

# You can map user attributes to Django attributes as so
AUTH_LDAP_USER_ATTR_MAP = {
           "first_name": "givenName",
           "last_name": "sn",
           "email": "mail"
                        }

from django_auth_ldap.config import LDAPSearch, GroupOfNamesType #NestedGroupOfNamesType

AUTH_LDAP_GROUP_SEARCH = LDAPSearch("DC=MyDC,DC=local", ldap.SCOPE_SUBTREE, "(objectClass=group)")

AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()

AUTH_LDAP_REQUIRE_GROUP = "cn=MyCN,ou=MyOU,ou=MyOU,dc=MyDC,dc=local"

AUTH_LDAP_FIND_GROUP_PERMS = True
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600


Joey Jojo

unread,
Oct 27, 2017, 2:35:11 PM10/27/17
to NetBox
thanks Richard! I'll give that a shot
Reply all
Reply to author
Forward
0 new messages