From 020e0adeb49a2f03ffdcc3e2903e4c72c661f5d0 Mon Sep 17 00:00:00 2001
From: ryanmerolle
Date: Mon, 22 Feb 2021 15:53:02 -0500
Subject: [PATCH 1/5] update .gitignore to keep extra.py in ldap config
---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.gitignore b/.gitignore
index 07859bbcf..04dcc7ec8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,5 +8,6 @@ configuration/*
 !configuration/extra.py
 configuration/ldap/*
 !configuration/ldap/ldap_config.py
+!configuration/ldap/extra.py
 prometheus.yml
 super-linter.log
From 22186b267daef78c679a4dc2ae2ef2d9865fc131 Mon Sep 17 00:00:00 2001
From: ryanmerolle
Date: Mon, 22 Feb 2021 15:55:40 -0500
Subject: [PATCH 2/5] do not set AUTH_LDAP_MIRROR_GROUPS if not defined
---
 configuration/ldap/ldap_config.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/configuration/ldap/ldap_config.py b/configuration/ldap/ldap_config.py
index 3071b4581..f316ac0d7 100644
--- a/configuration/ldap/ldap_config.py
+++ b/configuration/ldap/ldap_config.py
@@ -77,7 +77,8 @@ def _import_group_type(group_type_name):
 # For more granular permissions, we can map LDAP groups to Django groups.
 AUTH_LDAP_FIND_GROUP_PERMS = environ.get('AUTH_LDAP_FIND_GROUP_PERMS', 'True').lower() == 'true'
-AUTH_LDAP_MIRROR_GROUPS = environ.get('AUTH_LDAP_MIRROR_GROUPS', '').lower() == 'true'
+if environ.get('AUTH_LDAP_MIRROR_GROUPS') is not None:
+ AUTH_LDAP_MIRROR_GROUPS = environ.get('AUTH_LDAP_MIRROR_GROUPS', '').lower() == 'true'
 # Cache groups for one hour to reduce LDAP traffic
 AUTH_LDAP_CACHE_TIMEOUT = int(environ.get('AUTH_LDAP_CACHE_TIMEOUT', 3600))
From 0dec4d8df4a044f08d5e7ca6b75cb51562fc1785 Mon Sep 17 00:00:00 2001
From: Ryan Merolle
Date: Mon, 22 Feb 2021 16:00:08 -0500
Subject: [PATCH 3/5] Add extra.py example for ldap config
---
 configuration/ldap/extra.py | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 configuration/ldap/extra.py
diff --git a/configuration/ldap/extra.py b/configuration/ldap/extra.py
new file mode 100644
index 000000000..2edae8649
--- /dev/null
+++ b/configuration/ldap/extra.py
@@ -0,0 +1,8 @@
+####
+## This file contains extra configuration options that can't be configured
+## directly through environment variables.
+####
+
+# import ldap
+
+# AUTH_LDAP_MIRROR_GROUPS = ["netbox-group-1", "netbox-group-2"]
From 222ede2c4bd4754db93c4c7329a7d5a9924361db Mon Sep 17 00:00:00 2001
From: ryanmerolle
Date: Tue, 20 Apr 2021 03:35:57 -0400
Subject: [PATCH 4/5] enahance ldap extra.py with more examples
---
 configuration/ldap/extra.py | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/configuration/ldap/extra.py b/configuration/ldap/extra.py
index 2edae8649..60a80eb2f 100644
--- a/configuration/ldap/extra.py
+++ b/configuration/ldap/extra.py
@@ -1,8 +1,28 @@
 ####
 ## This file contains extra configuration options that can't be configured
 ## directly through environment variables.
+## All vairables set here overwrite any existing found in ldap_config.py
 ####
-# import ldap
+# # This Python script inherits all the imports from ldap_config.py
+# from django_auth_ldap.config import LDAPGroupQuery # Imported since not in ldap_config.py
-# AUTH_LDAP_MIRROR_GROUPS = ["netbox-group-1", "netbox-group-2"]
+# # Sets a base requirement of membetship to netbox-user-ro, netbox-user-rw, or netbox-user-admin.
+# AUTH_LDAP_REQUIRE_GROUP = (
+# LDAPGroupQuery("cn=netbox-user-ro,ou=groups,dc=example,dc=com")
+# | LDAPGroupQuery("cn=netbox-user-rw,ou=groups,dc=example,dc=com")
+# | LDAPGroupQuery("cn=netbox-user-admin,ou=groups,dc=example,dc=com")
+# )
+
+# # Sets LDAP Flag groups variables with example.
+# AUTH_LDAP_USER_FLAGS_BY_GROUP = {
+# "is_staff": (
+# LDAPGroupQuery("cn=netbox-user-ro,ou=groups,dc=example,dc=com")
+# | LDAPGroupQuery("cn=netbox-user-rw,ou=groups,dc=example,dc=com")
+# | LDAPGroupQuery("cn=netbox-user-admin,ou=groups,dc=example,dc=com")
+# ),
+# "is_superuser": "cn=netbox-user-admin,ou=groups,dc=example,dc=com",
+# }
+
+# # Sets LDAP Mirror groups variables with example groups
+# AUTH_LDAP_MIRROR_groups = ["netbox-user-ro", "netbox-user-rw", "netbox-user-admin"]
From 6f4d025cb7a859c294c2d4b75f8b4680f3c99c40 Mon Sep 17 00:00:00 2001
From: ryanmerolle
Date: Tue, 20 Apr 2021 03:38:20 -0400
Subject: [PATCH 5/5] backed out ldap_config changes
---
 configuration/ldap/ldap_config.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/configuration/ldap/ldap_config.py b/configuration/ldap/ldap_config.py
index f316ac0d7..3071b4581 100644
--- a/configuration/ldap/ldap_config.py
+++ b/configuration/ldap/ldap_config.py
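Review bot: The last added line of the configuration/ldap/extra.py hunk in PATCH 4/5 spells the example setting `AUTH_LDAP_MIRROR_groups`, with a lower-case suffix, where the line it replaces used `AUTH_LDAP_MIRROR_GROUPS`. An operator who uncomments it as written assigns a name that django-auth-ldap presumably never reads, so the boolean set in ldap_config.py stays in effect and the intended restriction to the three listed groups is silently not applied. The line should read `# AUTH_LDAP_MIRROR_GROUPS = ["netbox-user-ro", "netbox-user-rw", "netbox-user-admin"]`. The `is_staff` example also grants the staff flag to the read-only group, which deserves a short comment so that it is copied deliberately rather than by default. The added comments carry two typos as well, "vairables" and "membetship".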
@@ -77,8 +77,7 @@ def _import_group_type(group_type_name):
 # For more granular permissions, we can map LDAP groups to Django groups.
 AUTH_LDAP_FIND_GROUP_PERMS = environ.get('AUTH_LDAP_FIND_GROUP_PERMS', 'True').lower() == 'true'
-if environ.get('AUTH_LDAP_MIRROR_GROUPS') is not None:
- AUTH_LDAP_MIRROR_GROUPS = environ.get('AUTH_LDAP_MIRROR_GROUPS', '').lower() == 'true'
+AUTH_LDAP_MIRROR_GROUPS = environ.get('AUTH_LDAP_MIRROR_GROUPS', '').lower() == 'true'
 # Cache groups for one hour to reduce LDAP traffic
 AUTH_LDAP_CACHE_TIMEOUT = int(environ.get('AUTH_LDAP_CACHE_TIMEOUT', 3600))
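Review bot: With the conditional backed out, the restored line always assigns `AUTH_LDAP_MIRROR_GROUPS` a boolean, so the group list shown in configuration/ldap/extra.py only takes effect if extra.py is applied after this file; the extra.py header says so, but nothing next to this assignment does. A comment above the restored line would record that dependency, for example `# Boolean from the environment; configuration/ldap/extra.py may replace it with a list of group names.` The same comment could state that any value other than a case-insensitive `true`, including an empty or misspelled one, yields `False` without a warning. These are module-level statements and the module continues outside the hunk on both sides.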