mirrors/lldap
1
0
Fork 0
mirror of https://github.com/lldap/lldap.git synced 2024-11-25 09:06:03 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

example_configs: Add configuration for Netbox
Some checks failed
Rust / pre_job (push) Has been cancelled
Details
Rust / cargo test (push) Has been cancelled
Details
Rust / cargo clippy (push) Has been cancelled
Details
Rust / cargo fmt (push) Has been cancelled
Details
Rust / Code coverage (push) Has been cancelled
Details

Browse source
This commit is contained in:
Dakota G 2024-08-06 08:06:16 -05:00 committed by GitHub
parent 049a360506
commit 6aa9303339
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 150 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
README.md
View file

@ -392,6 +392,7 @@ folder for help with:
- [Metabase](example_configs/metabase.md)
- [MegaRAC-BMC](example_configs/MegaRAC-SP-X-BMC.md)
- [MinIO](example_configs/minio.md)
- [Netbox](example_configs/netbox.md)
- [Nextcloud](example_configs/nextcloud.md)
- [Nexus](example_configs/nexus.md)
- [OCIS (OwnCloud Infinite Scale)](example_configs/ocis.md)

149
example_configs/netbox.md Normal file
View file

@ -0,0 +1,149 @@
# Configuration for Netbox
Netbox LDAP configuration is located [here](https://netboxlabs.com/docs/netbox/en/stable/installation/6-ldap/)
## Prerequisites
1. Install requirements
**Debian/Ubuntu:** `sudo apt install -y libldap2-dev libsasl2-dev libssl-dev`
**CentOS:** `sudo yum install -y openldap-devel python3-devel`
2. Install django-auth-ldap
`source /opt/netbox/venv/bin/activatepip3 install django-auth-ldap`
3. Add package to local requirements
`sudo sh -c "echo 'django-auth-ldap' >> /opt/netbox/local_requirements.txt"`
4. Enable LDAP backend in configuration.py (*default: /opt/netbox/netbox/netbox/configuration.py*)
`REMOTE_AUTH_BACKEND = 'netbox.authentication.LDAPBackend'`
## LDAP Configuration
1. Create ldap_config.py file
`touch /opt/netbox/netbox/netbox/ldap_config.py`
2. Copy and modify the configuration below
```python
import ldap
from django_auth_ldap.config import LDAPSearch, NestedGroupOfNamesType
# Server URI
AUTH_LDAP_SERVER_URI = "ldaps://lldap.example.com:6360"
# Connection options, if necessary
AUTH_LDAP_CONNECTION_OPTIONS = {
ldap.OPT_REFERRALS: 0 # Disable referral chasing if not needed
}
# Bind DN and password for the service account
AUTH_LDAP_BIND_DN = "uid=admin,ou=people,dc=example,dc=com"
AUTH_LDAP_BIND_PASSWORD = "ChangeMe!"
# Ignore certificate errors (for self-signed certificates)
LDAP_IGNORE_CERT_ERRORS = False # Only use in development or testing!
# Include this setting if you want to validate the LDAP server certificates against a CA certificate directory on your server
# Note that this is a NetBox-specific setting which sets:
# ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, LDAP_CA_CERT_DIR)
LDAP_CA_CERT_DIR = '/etc/ssl/certs'
# Include this setting if you want to validate the LDAP server certificates against your own CA.
# Note that this is a NetBox-specific setting which sets:
# ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, LDAP_CA_CERT_FILE)
LDAP_CA_CERT_FILE = '/path/to/example-CA.crt'
# User search configuration
AUTH_LDAP_USER_SEARCH = LDAPSearch(
"ou=people,dc=example,dc=com",
ldap.SCOPE_SUBTREE,
"(uid=%(user)s)"
)
# User DN template
AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,ou=people,dc=example,dc=com"
# Map LDAP attributes to Django user attributes
AUTH_LDAP_USER_ATTR_MAP = {
"username": "uid",
"email": "mail",
"first_name": "givenName",
"last_name": "sn",
}
# Group search configuration
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
"ou=groups,dc=example,dc=com",
ldap.SCOPE_SUBTREE,
"(objectClass=group)"
)
AUTH_LDAP_GROUP_TYPE = NestedGroupOfNamesType()
# Require users to be in a specific group to log in
AUTH_LDAP_REQUIRE_GROUP = "cn=netbox_users,ou=groups,dc=example,dc=com"
# Mirror LDAP group assignments
AUTH_LDAP_MIRROR_GROUPS = True
# Map LDAP groups to Django user flags
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
"is_superuser": "cn=netbox_admins,ou=groups,dc=example,dc=com"
}
# Find group permissions
AUTH_LDAP_FIND_GROUP_PERMS = True
# Cache group memberships to reduce LDAP traffic
AUTH_LDAP_CACHE_TIMEOUT = 3600
# Always update user information from LDAP on login
AUTH_LDAP_ALWAYS_UPDATE_USER = True
```
3. Restart netbox and netbox-rq
`sudo systemctl restart netbox netbox-rq`
## Troubleshoot LDAP
1. Make logging directory
`sudo mkdir -p /opt/netbox/local/logs/`
2. Make log file
`sudo touch /opt/netbox/local/logs/django-ldap-debug.log`
3. Set permissions
`sudo chown -R netbox:root /opt/netbox/local`
4. Add the following to */opt/netbox/netbox/netbox/configuration.py*
```py
LOGGING = {
'version': 1,
'disable_existing_loggers': False,
'handlers': {
'netbox_auth_log': {
'level': 'DEBUG',
'class': 'logging.handlers.RotatingFileHandler',
'filename': '/opt/netbox/local/logs/django-ldap-debug.log',
'maxBytes': 1024 * 500,
'backupCount': 5,
},
},
'loggers': {
'django_auth_ldap': {
'handlers': ['netbox_auth_log'],
'level': 'DEBUG',
},
},
}
```