mirror of
https://github.com/netbox-community/netbox-docker.git
synced 2024-11-21 15:33:18 +01:00
20
LDAP
tibuski edited this page 2022-08-12 10:24:31 +02:00
LDAP configuration is done by django ldap module
Take a note that changing configuration/ldap_config.py
is strongly discouraged. NetBox container reports barely any python errors.
Override example
Among others you can use docker-compose.override.yml to inject necessary variables.
NOTE: Images with tag
-ldap
are not maintained anymore (They were used for versions < 2.0).
Don't forget that thenetbox-worker
andnetbox-housekeeping
services should use the same image. See this issue.
Example override file for Active Directory
version: "3.4"
services:
netbox:
environment:
REMOTE_AUTH_ENABLED: "True"
REMOTE_AUTH_BACKEND: "netbox.authentication.LDAPBackend"
AUTH_LDAP_SERVER_URI: "ldaps://domain.com"
AUTH_LDAP_BIND_DN: "CN=Netbox,OU=EmbeddedDevices,OU=MyCompany,DC=domain,dc=com"
AUTH_LDAP_BIND_PASSWORD: "TopSecretPassword"
AUTH_LDAP_USER_SEARCH_BASEDN: "OU=MyCompany,DC=domain,dc=com"
AUTH_LDAP_GROUP_SEARCH_BASEDN: "OU=SubGroups,OU=MyCompany,DC=domain,dc=com"
AUTH_LDAP_REQUIRE_GROUP_DN: "CN=Netbox-User,OU=SoftwareGroups,OU=SubGroups,OU=MyCompany,DC=domain,dc=com"
AUTH_LDAP_GROUP_TYPE: "NestedGroupOfNamesType"
AUTH_LDAP_IS_ADMIN_DN: "CN=Network Configuration Operators,CN=Builtin,DC=domain,dc=com"
AUTH_LDAP_IS_SUPERUSER_DN: "CN=Domain Admins,CN=Users,DC=domain,dc=com"
LDAP_IGNORE_CERT_ERRORS: "false"
Example override file for OpenLDAP
Remember to change AUTH_LDAP_GROUP_TYPE
to proper value.
version: "3.4"
services:
netbox:
environment:
REMOTE_AUTH_ENABLED: "True"
REMOTE_AUTH_BACKEND: "netbox.authentication.LDAPBackend"
AUTH_LDAP_SERVER_URI: "ldaps://domain.com"
AUTH_LDAP_BIND_DN: "cn=netbox,ou=services,dc=domain,dc=com"
AUTH_LDAP_BIND_PASSWORD: "TopSecretPassword"
AUTH_LDAP_USER_SEARCH_BASEDN: "ou=people,dc=domain,dc=com"
AUTH_LDAP_GROUP_SEARCH_BASEDN: "ou=groups,dc=domain,dc=com"
AUTH_LDAP_REQUIRE_GROUP_DN: "cn=netbox" # or "cn=netbox,ou=groups,dc=domain,dc=com"
AUTH_LDAP_IS_ADMIN_DN: "cn=netbox-admins,ou=groups,dc=domain,dc=com"
AUTH_LDAP_IS_SUPERUSER_DN: "cn=netbox-superusers,ou=groups,dc=domain,dc=com"
AUTH_LDAP_USER_SEARCH_ATTR: "uid"
AUTH_LDAP_GROUP_SEARCH_CLASS: "groupOfUniqueNames"
AUTH_LDAP_GROUP_TYPE: "GroupOfUniqueNamesType"
AUTH_LDAP_ATTR_LASTNAME: "sn"
AUTH_LDAP_ATTR_FIRSTNAME: "givenName"
LDAP_IGNORE_CERT_ERRORS: "false"