Struggling with LDAP auth


Florian Knorn

Aug 21, 2019, 10:08:20 AM
to NetBox
Hi there,

I'm trying hard to get LDAP auth going, but I think the plane hasn't even taken off.

I have created the /opt/netbox/netbox/netbox/ldap_config.py file (following the official guides and even looking at what other resources said on the topic).

It appears that the file is being read (if I make an intentional syntax error, netbox won't start).

However, netbox never tries any LDAPy things. Trying to debug things further, it appears that the following code in settings.py doesn't result in True:

try:
    from netbox import ldap_config as LDAP_CONFIG
except ImportError:
    LDAP_CONFIG = None

if LDAP_CONFIG is not None:
    ### THIS IS NEVER REACHED


If I move the line from netbox import ldap_config as LDAP_CONFIG out of the try/except block so that it is executed directly, I get the error

ModuleNotFoundError: No module named 'ldap'

so that must be the issue...

Now, I am unsure how to resolve this. I have tried pip3 installing a bunch of ldap-sounding things, to no avail.

Any pointers? Which package is required here?

PS: Running the latest version (v2.6.2) on an Ubuntu 18 box, really just following the install guides. Netbox itself works perfectly with local users... Cheers!

Jason Guy

Aug 21, 2019, 10:33:56 AM
to Florian Knorn, NetBox
Have you installed the django_auth_ldap package? 

Something is causing an exception on the import. Make sure the syntax of the ldap_config file is correct. A good way to do that is paste it into a django shell:

# netbox/manage.py shell
Then paste the ldap_config contents in. Minimally, this is most of my working config:
import ldap
from django_auth_ldap.config import LDAPSearch, PosixGroupType

# LDAP connection settings
# Server URI
AUTH_LDAP_SERVER_URI = "ldaps://ldap.server.com"
# Set the DN and password for the authenticated bind.
AUTH_LDAP_BIND_DN = "cn=foo,dc=server,dc=com"
AUTH_LDAP_BIND_PASSWORD = "supersecret"
AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,ou=somegroup,dc=server,dc=com"
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
    "ou=groups,dc=server,dc=com",
    ldap.SCOPE_SUBTREE,
    "(objectClass=posixGroup)",
)
AUTH_LDAP_GROUP_TYPE = PosixGroupType(name_attr="cn")
AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
)

--
You received this message because you are subscribed to the Google Groups "NetBox" group.
To unsubscribe from this group and stop receiving emails from it, send an email to netbox-discus...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/netbox-discuss/0ce05e6e-82c5-4286-ad4e-d478ce793218%40googlegroups.com.

Florian Knorn

Aug 22, 2019, 2:14:37 AM
to NetBox
Dear Jason,

many thanks for the quick reply. I wasn't aware of the shell, so thanks for the tip. And yes, I have django_auth_ldap installed.

So I ran python3.6 manage.py shell and pasted the entire contents of my ldap_config.py ... all good, not a single error!

Specifically, the import ldap part just seems to go through without any complaints.

Any pointers now?

Cheers,

Florian

Brian Candler

Aug 22, 2019, 5:13:00 AM
to NetBox
What about:

cd /opt/netbox
python3 netbox/manage.py runserver '[::]:8000' --insecure

(with the try/except still commented out?)  Then try pointing a real client at x.x.x.x:8000.  If that starts doing LDAPy things, then you know the problem is to do with gunicorn.

If that works as root, then try again using the same userid that gunicorn normally runs as, e.g.

su -s /bin/bash www-data
cd /opt/netbox
python3 netbox/manage.py runserver '[::]:8000' --insecure

If it fails, it likely means the ldap library has been installed with bad permissions and is not readable to other users on the system.

Finally, I have seen cases where gunicorn is running with python2 instead of with python3.  This is a problem which can rear itself if supervisord was installed, since that pulls in python2 as a dependency.  Having said that, netbox 2.5+ should fall over in all sorts of other ways if not run under python3.  If you can show the full backtrace from when you got "ModuleNotFoundError: No module named 'ldap'", that may clarify.

Florian Knorn

Aug 22, 2019, 8:33:25 AM
to NetBox
Hi Brian,

thank you to you too for looking into this. It looks like it's user / permissions things / where pip3 installed things.

If I run (as root)

python3.6 /opt/netbox/netbox/manage.py shell
import ldap

all is good.

If I instead first su -s /bin/bash www-data and then run those commands, I get the ldap module not found.

Now, it was unclear to me how (as what user) to actually run pip3, but after running sudo -H pip3 install django_auth_ldap again (the -H part being the crucial detail) the module seemed to get installed so that all users (including www-data) can use it.

Now I am having some LDAP issues, but should hopefully be able to resolve them thanks to the nice output produced by python3 netbox/manage.py runserver '[::]:8000' --insecure.

Thanks everyone!
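The swallowed ImportError in the first post and the www-data readability check Brian suggests come down to one question: is ldap_config.py itself absent, is one of its dependencies (such as ldap) missing, or is an installed file unreadable to the service user? The following diagnostic is an added example, not NetBox's own code; make_sample_module, constructed_ldap_config and absent_ldap_dep are constructed names for illustration. Run it as the user gunicorn runs as to reproduce the thread's finding.

```python
import importlib
import os
import sys
import tempfile
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class ImportDiagnosis:
    module: str
    ok: bool
    missing_module: Optional[str] = None      # name carried by the ImportError
    unreadable: List[str] = field(default_factory=list)


def diagnose_import(module: str) -> ImportDiagnosis:
    """Import `module`; on failure record which module was actually missing
    (settings.py catches ImportError wholesale, hiding an absent `ldap`)."""
    try:
        mod = importlib.import_module(module)
    except ImportError as exc:
        return ImportDiagnosis(module, False, missing_module=exc.name or module)
    # The thread's root cause: pip-installed files the service user cannot read.
    path = getattr(mod, "__file__", None)
    unreadable = [path] if path and not os.access(path, os.R_OK) else []
    return ImportDiagnosis(module, True, unreadable=unreadable)


def classify(diag: ImportDiagnosis) -> str:
    """Reduce a diagnosis to one of the situations the thread distinguishes."""
    if diag.ok:
        return "unreadable" if diag.unreadable else "ok"
    missing = diag.missing_module or ""
    if diag.module == missing or diag.module.startswith(missing + "."):
        return "not-configured"               # ldap_config.py itself is absent
    return "missing-dependency:" + missing    # e.g. 'ldap': LDAP silently off


def make_sample_module(name: str, body: str) -> str:
    """Write a constructed stand-in module to a temp dir and make it importable."""
    tmp = tempfile.mkdtemp()
    with open(os.path.join(tmp, name + ".py"), "w") as fh:
        fh.write(body)
    sys.path.insert(0, tmp)
    importlib.invalidate_caches()
    return name
```

A "missing-dependency" or "unreadable" result means LDAP is being disabled silently and NetBox is falling back to ModelBackend alone, which is the condition the original try/except hides.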

Jason Guy

Aug 22, 2019, 3:56:20 PM
to Florian Knorn, NetBox
Hi Florian,

I am personally a huge proponent of using virtualenv. It is the easiest way to control the environment and ensure everything is correct. 

Glad you got it working!
Jason
