diff options
Diffstat (limited to 'kubernetes/contrib/components/netbox/charts/netbox-app/resources/config/configuration/ldap_config.py')
-rwxr-xr-x | kubernetes/contrib/components/netbox/charts/netbox-app/resources/config/configuration/ldap_config.py | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/kubernetes/contrib/components/netbox/charts/netbox-app/resources/config/configuration/ldap_config.py b/kubernetes/contrib/components/netbox/charts/netbox-app/resources/config/configuration/ldap_config.py new file mode 100755 index 0000000000..c7e0d3bee9 --- /dev/null +++ b/kubernetes/contrib/components/netbox/charts/netbox-app/resources/config/configuration/ldap_config.py @@ -0,0 +1,55 @@ +import ldap +import os + +from django_auth_ldap.config import LDAPSearch, GroupOfNamesType + +# Server URI +AUTH_LDAP_SERVER_URI = os.environ.get('AUTH_LDAP_SERVER_URI', '') + +# The following may be needed if you are binding to Active Directory. +AUTH_LDAP_CONNECTION_OPTIONS = { + ldap.OPT_REFERRALS: 0 +} + +# Set the DN and password for the NetBox service account. +AUTH_LDAP_BIND_DN = os.environ.get('AUTH_LDAP_BIND_DN', '') +AUTH_LDAP_BIND_PASSWORD = os.environ.get('AUTH_LDAP_BIND_PASSWORD', '') + +# Include this setting if you want to ignore certificate errors. This might be needed to accept a self-signed cert. +# Note that this is a NetBox-specific setting which sets: +# ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER) +LDAP_IGNORE_CERT_ERRORS = os.environ.get('LDAP_IGNORE_CERT_ERRORS', 'False').lower() == 'true' + +AUTH_LDAP_USER_SEARCH = LDAPSearch(os.environ.get('AUTH_LDAP_USER_SEARCH_BASEDN', ''), + ldap.SCOPE_SUBTREE, + "(sAMAccountName=%(user)s)") + +# This search ought to return all groups to which the user belongs. django_auth_ldap uses this to determine group +# heirarchy. +AUTH_LDAP_GROUP_SEARCH = LDAPSearch(os.environ.get('AUTH_LDAP_GROUP_SEARCH_BASEDN', ''), ldap.SCOPE_SUBTREE, + "(objectClass=group)") +AUTH_LDAP_GROUP_TYPE = GroupOfNamesType() + +# Define a group required to login. +AUTH_LDAP_REQUIRE_GROUP = os.environ.get('AUTH_LDAP_REQUIRE_GROUP_DN', '') + +# Define special user types using groups. Exercise great caution when assigning superuser status. +AUTH_LDAP_USER_FLAGS_BY_GROUP = { + "is_active": os.environ.get('AUTH_LDAP_REQUIRE_GROUP_DN', ''), + "is_staff": os.environ.get('AUTH_LDAP_IS_ADMIN_DN', ''), + "is_superuser": os.environ.get('AUTH_LDAP_IS_SUPERUSER_DN', '') +} + +# For more granular permissions, we can map LDAP groups to Django groups. +AUTH_LDAP_FIND_GROUP_PERMS = os.environ.get('AUTH_LDAP_FIND_GROUP_PERMS', 'True').lower() == 'true' + +# Cache groups for one hour to reduce LDAP traffic +AUTH_LDAP_CACHE_GROUPS = os.environ.get('AUTH_LDAP_CACHE_GROUPS', 'True').lower() == 'true' +AUTH_LDAP_GROUP_CACHE_TIMEOUT = int(os.environ.get('AUTH_LDAP_CACHE_GROUPS', 3600)) + +# Populate the Django user from the LDAP directory. +AUTH_LDAP_USER_ATTR_MAP = { + "first_name": os.environ.get('AUTH_LDAP_ATTR_FIRSTNAME', 'givenName'), + "last_name": os.environ.get('AUTH_LDAP_ATTR_LASTNAME', 'sn'), + "email": os.environ.get('AUTH_LDAP_ATTR_MAIL', 'mail') +} |