extern/netbox-docker
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox-docker.git synced 2024-11-07 08:34:00 +01:00
Code Issues Packages Projects Releases Wiki Activity

Revert "Feature: Support for multiple AUTH_LDAP_REQUIRE_GROUP from environment variables"

Browse Source
This commit is contained in:
Tobias Genannt 2024-09-04 17:53:24 +02:00 committed by GitHub
parent 52f38a3771
commit 942f978ed2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 4 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
configuration/ldap/extra.py
View File

@ -1,10 +1,11 @@
####
## This file contains extra configuration options that can't be configured
## directly through environment variables.
## All variables set here overwrite any existing found in ldap_config.py
## All vairables set here overwrite any existing found in ldap_config.py
####
# # This Python script inherits all the imports from ldap_config.py
# from django_auth_ldap.config import LDAPGroupQuery # Imported since not in ldap_config.py
# # Sets a base requirement of membetship to netbox-user-ro, netbox-user-rw, or netbox-user-admin.
# AUTH_LDAP_REQUIRE_GROUP = (

14
configuration/ldap/ldap_config.py
View File

@ -2,7 +2,7 @@ from importlib import import_module
from os import environ
import ldap
from django_auth_ldap.config import LDAPGroupQuery, LDAPSearch
from django_auth_ldap.config import LDAPSearch
# Read secret from file
@ -86,22 +86,12 @@ AUTH_LDAP_GROUP_TYPE = _import_group_type(environ.get('AUTH_LDAP_GROUP_TYPE', 'G
# Define a group required to login.
AUTH_LDAP_REQUIRE_GROUP = environ.get('AUTH_LDAP_REQUIRE_GROUP_DN')
# If non-empty string, AUTH_LDAP_REQUIRE_GROUP will be treated as a list delimited by this separator
AUTH_LDAP_REQUIRE_GROUP_SEPARATOR = environ.get('AUTH_LDAP_REQUIRE_GROUP_DN_SEPARATOR', '')
# Define special user types using groups. Exercise great caution when assigning superuser status.
AUTH_LDAP_USER_FLAGS_BY_GROUP = {}
if AUTH_LDAP_REQUIRE_GROUP is not None:
# Build an LDAPGroupQuery when AUTH_LDAP_REQUIRE_GROUP should be treated as a list
if AUTH_LDAP_REQUIRE_GROUP_SEPARATOR:
_groups = list(filter(None, AUTH_LDAP_REQUIRE_GROUP.split(AUTH_LDAP_REQUIRE_GROUP_SEPARATOR)))
AUTH_LDAP_REQUIRE_GROUP = LDAPGroupQuery(_groups[0])
for i in range(1, len(_groups)):
AUTH_LDAP_REQUIRE_GROUP |= LDAPGroupQuery(_groups[i])
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
"is_active": AUTH_LDAP_REQUIRE_GROUP,
"is_active": environ.get('AUTH_LDAP_REQUIRE_GROUP_DN', ''),
"is_staff": environ.get('AUTH_LDAP_IS_ADMIN_DN', ''),
"is_superuser": environ.get('AUTH_LDAP_IS_SUPERUSER_DN', '')
}