20 LDAP
tibuski edited this page 2022-08-12 10:24:31 +02:00

LDAP configuration is done by django ldap module

Take a note that changing configuration/ldap_config.py is strongly discouraged. NetBox container reports barely any python errors.

Override example

Among others you can use docker-compose.override.yml to inject necessary variables.

NOTE: Images with tag -ldap are not maintained anymore (They were used for versions < 2.0).
Don't forget that the netbox-worker and netbox-housekeeping services should use the same image. See this issue.

Example override file for Active Directory

version: "3.4"
services:
  netbox:
    environment:
      REMOTE_AUTH_ENABLED: "True"
      REMOTE_AUTH_BACKEND: "netbox.authentication.LDAPBackend"
      AUTH_LDAP_SERVER_URI: "ldaps://domain.com"
      AUTH_LDAP_BIND_DN: "CN=Netbox,OU=EmbeddedDevices,OU=MyCompany,DC=domain,dc=com"
      AUTH_LDAP_BIND_PASSWORD: "TopSecretPassword"
      AUTH_LDAP_USER_SEARCH_BASEDN: "OU=MyCompany,DC=domain,dc=com"
      AUTH_LDAP_GROUP_SEARCH_BASEDN: "OU=SubGroups,OU=MyCompany,DC=domain,dc=com"
      AUTH_LDAP_REQUIRE_GROUP_DN: "CN=Netbox-User,OU=SoftwareGroups,OU=SubGroups,OU=MyCompany,DC=domain,dc=com"
      AUTH_LDAP_GROUP_TYPE: "NestedGroupOfNamesType"
      AUTH_LDAP_IS_ADMIN_DN: "CN=Network Configuration Operators,CN=Builtin,DC=domain,dc=com"
      AUTH_LDAP_IS_SUPERUSER_DN: "CN=Domain Admins,CN=Users,DC=domain,dc=com"
      LDAP_IGNORE_CERT_ERRORS: "false"

Example override file for OpenLDAP

Remember to change AUTH_LDAP_GROUP_TYPE to proper value.

version: "3.4"
services:
  netbox:
    environment:
      REMOTE_AUTH_ENABLED: "True"
      REMOTE_AUTH_BACKEND: "netbox.authentication.LDAPBackend"
      AUTH_LDAP_SERVER_URI: "ldaps://domain.com"
      AUTH_LDAP_BIND_DN: "cn=netbox,ou=services,dc=domain,dc=com"
      AUTH_LDAP_BIND_PASSWORD: "TopSecretPassword"
      AUTH_LDAP_USER_SEARCH_BASEDN: "ou=people,dc=domain,dc=com"
      AUTH_LDAP_GROUP_SEARCH_BASEDN: "ou=groups,dc=domain,dc=com"
      AUTH_LDAP_REQUIRE_GROUP_DN: "cn=netbox" # or "cn=netbox,ou=groups,dc=domain,dc=com"
      AUTH_LDAP_IS_ADMIN_DN: "cn=netbox-admins,ou=groups,dc=domain,dc=com"
      AUTH_LDAP_IS_SUPERUSER_DN: "cn=netbox-superusers,ou=groups,dc=domain,dc=com"
      AUTH_LDAP_USER_SEARCH_ATTR: "uid"
      AUTH_LDAP_GROUP_SEARCH_CLASS: "groupOfUniqueNames"
      AUTH_LDAP_GROUP_TYPE: "GroupOfUniqueNamesType"
      AUTH_LDAP_ATTR_LASTNAME: "sn"
      AUTH_LDAP_ATTR_FIRSTNAME: "givenName"
      LDAP_IGNORE_CERT_ERRORS: "false"