mirror of
https://github.com/netbox-community/netbox-docker.git
synced 2024-11-22 07:53:46 +01:00
Merge pull request #1297 from NeodymiumFerBore/feat/multiple-ldap-require-dn
Feature: Support for multiple AUTH_LDAP_REQUIRE_GROUP from environment variables
commit
636495e062
@ -1,11 +1,10 @@
|
||||
####
|
||||
## This file contains extra configuration options that can't be configured
|
||||
## directly through environment variables.
|
||||
## All vairables set here overwrite any existing found in ldap_config.py
|
||||
## All variables set here overwrite any existing found in ldap_config.py
|
||||
####
|
||||
|
||||
# # This Python script inherits all the imports from ldap_config.py
|
||||
# from django_auth_ldap.config import LDAPGroupQuery # Imported since not in ldap_config.py
|
||||
|
||||
# # Sets a base requirement of membetship to netbox-user-ro, netbox-user-rw, or netbox-user-admin.
|
||||
# AUTH_LDAP_REQUIRE_GROUP = (
|
||||
|
@ -2,7 +2,7 @@ from importlib import import_module
|
||||
from os import environ
|
||||
|
||||
import ldap
|
||||
from django_auth_ldap.config import LDAPSearch
|
||||
from django_auth_ldap.config import LDAPGroupQuery, LDAPSearch
|
||||
|
||||
|
||||
# Read secret from file
|
||||
@ -86,12 +86,22 @@ AUTH_LDAP_GROUP_TYPE = _import_group_type(environ.get('AUTH_LDAP_GROUP_TYPE', 'G
|
||||
# Define a group required to login.
|
||||
AUTH_LDAP_REQUIRE_GROUP = environ.get('AUTH_LDAP_REQUIRE_GROUP_DN')
|
||||
|
||||
# If non-empty string, AUTH_LDAP_REQUIRE_GROUP will be treated as a list delimited by this separator
|
||||
AUTH_LDAP_REQUIRE_GROUP_SEPARATOR = environ.get('AUTH_LDAP_REQUIRE_GROUP_DN_SEPARATOR', '')
|
||||
|
||||
# Define special user types using groups. Exercise great caution when assigning superuser status.
|
||||
AUTH_LDAP_USER_FLAGS_BY_GROUP = {}
|
||||
|
||||
if AUTH_LDAP_REQUIRE_GROUP is not None:
|
||||
# Build an LDAPGroupQuery when AUTH_LDAP_REQUIRE_GROUP should be treated as a list
|
||||
if AUTH_LDAP_REQUIRE_GROUP_SEPARATOR:
|
||||
_groups = list(filter(None, AUTH_LDAP_REQUIRE_GROUP.split(AUTH_LDAP_REQUIRE_GROUP_SEPARATOR)))
|
||||
AUTH_LDAP_REQUIRE_GROUP = LDAPGroupQuery(_groups[0])
|
||||
for i in range(1, len(_groups)):
|
||||
AUTH_LDAP_REQUIRE_GROUP |= LDAPGroupQuery(_groups[i])
|
||||
|
||||
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
|
||||
"is_active": environ.get('AUTH_LDAP_REQUIRE_GROUP_DN', ''),
|
||||
"is_active": AUTH_LDAP_REQUIRE_GROUP,
|
||||
"is_staff": environ.get('AUTH_LDAP_IS_ADMIN_DN', ''),
|
||||
"is_superuser": environ.get('AUTH_LDAP_IS_SUPERUSER_DN', '')
|
||||
}
|
||||
|
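Review bot: `_groups[0]` raises an IndexError while the settings module loads if AUTH_LDAP_REQUIRE_GROUP_DN is empty or holds only separators while a separator is set, because `filter(None, ...)` then leaves an empty list. An explicit guard such as `if not _groups: raise ValueError('AUTH_LDAP_REQUIRE_GROUP_DN contains no group DN')` would fail with a message that names the misconfigured variable. Entries are also not stripped, so a value written as `dn1 ; dn2` yields DNs with surrounding spaces and a whitespace-only entry survives the filter; `_groups = [g.strip() for g in AUTH_LDAP_REQUIRE_GROUP.split(AUTH_LDAP_REQUIRE_GROUP_SEPARATOR) if g.strip()]` covers both. The comment above AUTH_LDAP_REQUIRE_GROUP_SEPARATOR should state two things: the listed groups are combined with `|`, so membership in any one of them is enough to log in and to get `is_active`, and the separator must be a string that cannot occur inside a DN, since `,` would split every DN into fragments. Indentation is lost on this page, so whether the AUTH_LDAP_USER_FLAGS_BY_GROUP assignment sits inside the `is not None` branch cannot be confirmed from here.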