From 6aa9303339ac1793b4be9ae01c56a6369a5d77f0 Mon Sep 17 00:00:00 2001
From: Dakota G <13515931+shrunbr@users.noreply.github.com>
Date: Tue, 6 Aug 2024 08:06:16 -0500
Subject: [PATCH] example_configs: Add configuration for Netbox

---
 README.md | 1 +
 example_configs/netbox.md | 149 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 150 insertions(+)
 create mode 100644 example_configs/netbox.md

diff --git a/README.md b/README.md
index 8e16579..6a7449d 100644
--- a/README.md
+++ b/README.md
@@ -392,6 +392,7 @@ folder for help with:
 - [Metabase](example_configs/metabase.md)
 - [MegaRAC-BMC](example_configs/MegaRAC-SP-X-BMC.md)
 - [MinIO](example_configs/minio.md)
+- [Netbox](example_configs/netbox.md)
 - [Nextcloud](example_configs/nextcloud.md)
 - [Nexus](example_configs/nexus.md)
 - [OCIS (OwnCloud Infinite Scale)](example_configs/ocis.md)
diff --git a/example_configs/netbox.md b/example_configs/netbox.md
new file mode 100644
index 0000000..924bd8e
--- /dev/null
+++ b/example_configs/netbox.md
@@ -0,0 +1,149 @@
+# Configuration for Netbox
+
+Netbox LDAP configuration is located [here](https://netboxlabs.com/docs/netbox/en/stable/installation/6-ldap/)
+
+## Prerequisites
+
+1. Install requirements
+
+ **Debian/Ubuntu:** `sudo apt install -y libldap2-dev libsasl2-dev libssl-dev`
+
+ **CentOS:** `sudo yum install -y openldap-devel python3-devel`
+
+2. Install django-auth-ldap
+
+ `source /opt/netbox/venv/bin/activatepip3 install django-auth-ldap`
+
+3. Add package to local requirements
+
+ `sudo sh -c "echo 'django-auth-ldap' >> /opt/netbox/local_requirements.txt"`
+
+4. Enable LDAP backend in configuration.py (*default: /opt/netbox/netbox/netbox/configuration.py*)
+
+ `REMOTE_AUTH_BACKEND = 'netbox.authentication.LDAPBackend'`
+
+## LDAP Configuration
+
+1. Create ldap_config.py file
+
+ `touch /opt/netbox/netbox/netbox/ldap_config.py`
+
+2. Copy and modify the configuration below
+
+```python
+import ldap
+from django_auth_ldap.config import LDAPSearch, NestedGroupOfNamesType
+
+# Server URI
+AUTH_LDAP_SERVER_URI = "ldaps://lldap.example.com:6360"
+
+# Connection options, if necessary
+AUTH_LDAP_CONNECTION_OPTIONS = {
+ ldap.OPT_REFERRALS: 0 # Disable referral chasing if not needed
+}
+
+# Bind DN and password for the service account
+AUTH_LDAP_BIND_DN = "uid=admin,ou=people,dc=example,dc=com"
+AUTH_LDAP_BIND_PASSWORD = "ChangeMe!"
+
+# Ignore certificate errors (for self-signed certificates)
+LDAP_IGNORE_CERT_ERRORS = False # Only use in development or testing!
+
+# Include this setting if you want to validate the LDAP server certificates against a CA certificate directory on your server
+# Note that this is a NetBox-specific setting which sets:
+# ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, LDAP_CA_CERT_DIR)
+LDAP_CA_CERT_DIR = '/etc/ssl/certs'
+
+# Include this setting if you want to validate the LDAP server certificates against your own CA.
+# Note that this is a NetBox-specific setting which sets:
+# ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, LDAP_CA_CERT_FILE)
+LDAP_CA_CERT_FILE = '/path/to/example-CA.crt'
+
+# User search configuration
+AUTH_LDAP_USER_SEARCH = LDAPSearch(
+ "ou=people,dc=example,dc=com",
+ ldap.SCOPE_SUBTREE,
+ "(uid=%(user)s)"
+)
+
+# User DN template
+AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,ou=people,dc=example,dc=com"
+
+# Map LDAP attributes to Django user attributes
+AUTH_LDAP_USER_ATTR_MAP = {
+ "username": "uid",
+ "email": "mail",
+ "first_name": "givenName",
+ "last_name": "sn",
+}
+
+# Group search configuration
+AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
+ "ou=groups,dc=example,dc=com",
+ ldap.SCOPE_SUBTREE,
+ "(objectClass=group)"
+)
+AUTH_LDAP_GROUP_TYPE = NestedGroupOfNamesType()
+
+# Require users to be in a specific group to log in
+AUTH_LDAP_REQUIRE_GROUP = "cn=netbox_users,ou=groups,dc=example,dc=com"
+
+# Mirror LDAP group assignments
+AUTH_LDAP_MIRROR_GROUPS = True
+
+# Map LDAP groups to Django user flags
+AUTH_LDAP_USER_FLAGS_BY_GROUP = {
+ "is_superuser": "cn=netbox_admins,ou=groups,dc=example,dc=com"
+}
+
+# Find group permissions
+AUTH_LDAP_FIND_GROUP_PERMS = True
+
+# Cache group memberships to reduce LDAP traffic
+AUTH_LDAP_CACHE_TIMEOUT = 3600
+
+# Always update user information from LDAP on login
+AUTH_LDAP_ALWAYS_UPDATE_USER = True
+```
+
+3. Restart netbox and netbox-rq
+
+ `sudo systemctl restart netbox netbox-rq`
+
+## Troubleshoot LDAP
+
+1. Make logging directory
+
+ `sudo mkdir -p /opt/netbox/local/logs/`
+
+2. Make log file
+
+ `sudo touch /opt/netbox/local/logs/django-ldap-debug.log`
+
+3. Set permissions
+
+ `sudo chown -R netbox:root /opt/netbox/local`
+
+4. Add the following to */opt/netbox/netbox/netbox/configuration.py*
+
+```py
+LOGGING = {
+ 'version': 1,
+ 'disable_existing_loggers': False,
+ 'handlers': {
+ 'netbox_auth_log': {
+ 'level': 'DEBUG',
+ 'class': 'logging.handlers.RotatingFileHandler',
+ 'filename': '/opt/netbox/local/logs/django-ldap-debug.log',
+ 'maxBytes': 1024 * 500,
+ 'backupCount': 5,
+ },
+ },
+ 'loggers': {
+ 'django_auth_ldap': {
+ 'handlers': ['netbox_auth_log'],
+ 'level': 'DEBUG',
+ },
+ },
+}
+```
\ No newline at end of file
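Review bot: The example binds NetBox with `AUTH_LDAP_BIND_DN = "uid=admin,ou=people,dc=example,dc=com"`, which on an LLDAP server (the URI is `ldaps://lldap.example.com:6360`) looks like the directory administrator, so a leaked or world-readable `ldap_config.py` hands out full directory control instead of the read-only lookup NetBox needs; the page should point at a dedicated read-only bind user and add a comment such as `# Use a dedicated read-only bind user, not the directory admin; keep this file readable only by the netbox user`. `LDAP_CA_CERT_FILE = '/path/to/example-CA.crt'` is left active next to `LDAP_CA_CERT_DIR` even though the comment above calls it optional, so a verbatim copy points python-ldap at a CA file that does not exist — comment it out (`# LDAP_CA_CERT_FILE = '/path/to/example-CA.crt'`) and state that the two are alternatives. Both `AUTH_LDAP_USER_SEARCH` and `AUTH_LDAP_USER_DN_TEMPLATE` are set; as far as I recall django-auth-ldap derives the DN from the template when one is given and never runs the search, so one of the two is dead config and should be dropped or commented. The group filter `(objectClass=group)` is the Active Directory class, and I believe LLDAP exposes groups as `groupOfUniqueNames`/`groupOfNames`, so this should be confirmed against a working install before publishing. In Prerequisites step 2, `source /opt/netbox/venv/bin/activatepip3 install django-auth-ldap` reads as two commands fused together and should be `source /opt/netbox/venv/bin/activate && pip3 install django-auth-ldap`.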