Monday, March 8, 2021

Netbox LDAP groups superuser status not working

Hello. My first time working with LDAP and Netbox.

Problem: User is added to the superuser group which is defined in ldap config in "is_superuser" section. After logging into NetBox, this user does not have superuser status.

This is the result in NetBox: https://i.imgur.com/YMY4Nsr.png

How did I create users and groups:

  • Step one: created 3 groups on AD server (netboxservice-active, netboxservice-staff and netboxservice-superuser)
  • Step two: added user "dude" to all 3 groups
  • Step three: added these three groups to ldap-config for Netbox

LDAP-config:

import ldap
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType, NestedGroupOfNamesType

# Server URI
AUTH_LDAP_SERVER_URI = "ldaps://someserver.com"

# The following may be needed if you are binding to Active Directory.
AUTH_LDAP_CONNECTION_OPTIONS = {
    ldap.OPT_REFERRALS: 0
}

# Set the DN and password for the NetBox service account.
AUTH_LDAP_BIND_DN = "CN=netboxservice,OU=FIM-Managed,DC=someserver,DC=com"
AUTH_LDAP_BIND_PASSWORD = "netboxservicepass"

LDAP_IGNORE_CERT_ERRORS = True

# This search matches Users with the sAMAccountName equal to the provided username. This is required if the user's
# username is not in their DN (Active Directory).
AUTH_LDAP_USER_SEARCH = LDAPSearch("OU=Users,DC=someserver,DC=com",
                                   ldap.SCOPE_SUBTREE,
                                   "(sAMAccountName=%(user)s)")

# You can map user attributes to Django attributes as so.
AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail"
}

# Groups are looked up under this base; only groups found here can grant flags or permissions.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("OU=FIM-Managed Groups,DC=someserver,DC=com",
                                    ldap.SCOPE_SUBTREE,
                                    "(objectClass=group)")
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()

# Define a group required to login.
AUTH_LDAP_REQUIRE_GROUP = "CN=netboxservice-active,OU=FIM-Managed Groups,DC=someserver,DC=com"

# Mirror LDAP group assignments.
AUTH_LDAP_MIRROR_GROUPS = True

# Define special user types using groups. Exercise great caution when assigning superuser status.
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    "is_active": "CN=netboxservice-active,OU=FIM-Managed Groups,DC=someserver,DC=com",
    "is_staff": "CN=netboxservice-staff,OU=FIM-Managed Groups,DC=someserver,DC=com",
    "is_superuser": "CN=netboxservice-superuser,OU=FIM-Managed Groups,DC=someserver,DC=com"
}

# For more granular permissions, we can map LDAP groups to Django groups.
AUTH_LDAP_FIND_GROUP_PERMS = True
AUTH_LDAP_ALWAYS_UPDATE_USER = True

# Group caching is disabled here (timeout 0), so every login re-queries LDAP for group membership.
AUTH_LDAP_CACHE_GROUPS = False
AUTH_LDAP_CACHE_TIMEOUT = 0

Can anyone share their config maybe?


