Read only permission using LDAP #3008

Closed
opened 2025-12-29 18:24:42 +01:00 by adam · 1 comment
Originally created by @ffs on GitHub (Nov 8, 2019).

Hello guys,

I just updated my netbox from v2.0.8 to v2.6.7.

I installed the new version and then I did the database restore and it is all fine.

Then I just copied the LDAP file from my old server to this new one. The configuration follows below:

```python
import logging
import logging.handlers

import ldap
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType, NestedGroupOfNamesType

# Write django_auth_ldap debug output to a rotating log file (500 KiB, 5 backups).
logfile = "/opt/netbox/logs/django-ldap-debug.log"
my_logger = logging.getLogger('django_auth_ldap')
my_logger.setLevel(logging.DEBUG)
handler = logging.handlers.RotatingFileHandler(
    logfile, maxBytes=1024 * 500, backupCount=5)
my_logger.addHandler(handler)

# ldap:// without StartTLS: the bind below is not encrypted in transit.
AUTH_LDAP_SERVER_URI = "ldap://10.208.2.13"

# Do not follow referrals (usual setting for Active Directory).
AUTH_LDAP_CONNECTION_OPTIONS = {
    ldap.OPT_REFERRALS: 0
}

# Service account used to search the directory.
AUTH_LDAP_BIND_DN = "CN=Netbox Telecom,OU=Service,OU=Gerenciamento,DC=mydomain,DC=com,DC=br"
AUTH_LDAP_BIND_PASSWORD = "MyPassword"

# NetBox option: skip TLS certificate validation for the LDAP connection.
LDAP_IGNORE_CERT_ERRORS = True

# Locate the user by sAMAccountName anywhere under the domain root.
AUTH_LDAP_USER_SEARCH = LDAPSearch("DC=mydomain,DC=com,DC=br", ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)")

# No DN template: users are located with AUTH_LDAP_USER_SEARCH.
AUTH_LDAP_USER_DN_TEMPLATE = None

# Copy these LDAP attributes onto the Django user.
AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail"
}

# Search all AD groups; nested group membership is resolved.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("DC=mydomain,DC=com,DC=br", ldap.SCOPE_SUBTREE, "(objectClass=group)")
AUTH_LDAP_GROUP_TYPE = NestedGroupOfNamesType()

# Only members of Netbox_Acesso may log in.
AUTH_LDAP_REQUIRE_GROUP = "CN=Netbox_Acesso,OU=Netbox,OU=Telecom,OU=Grupos de Aplicacoes,OU=Grupos,OU=Gerenciamento,DC=mydomain,DC=com,DC=br"

# Django user flags set from group membership.
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    "is_active": "CN=Netbox_Acesso,OU=Netbox,OU=Telecom,OU=Grupos de Aplicacoes,OU=Grupos,OU=Gerenciamento,DC=mydomain,DC=com,DC=br",
    "is_staff": "CN=Netbox_Admin,OU=Netbox,OU=Telecom,OU=Grupos de Aplicacoes,OU=Grupos,OU=Gerenciamento,DC=mydomain,DC=com,DC=br",
    "is_superuser": "CN=Netbox_Admin,OU=Netbox,OU=Telecom,OU=Grupos de Aplicacoes,OU=Grupos,OU=Gerenciamento,DC=mydomain,DC=com,DC=br"
}

# Take permissions from Django groups whose names match the user's LDAP groups.
AUTH_LDAP_FIND_GROUP_PERMS = True

# Cache LDAP group memberships.
AUTH_LDAP_CACHE_GROUPS = True
```

I can see in the logs that Django is working well; I mean it can connect to my AD, retrieve user information and populate the NetBox register.

I have a group in Active Directory named Netbox_Acesso, and on the old version everyone in this group had read-only access to NetBox automatically.

But now every user in this group can log in to NetBox but can't read anything. Only padlocks appear.

How can I give read-only access to all users in the group "Netbox_Acesso" from my AD automatically, based on Active Directory groups?

Note: I have only two groups: "Netbox_Acesso", whose users I want to give read permission, and Netbox_Admin, which I want to give admin access. By the way, admin access is working fine based on the Netbox_Admin group.

Could someone help me please?

Thank you.

adam closed this issue 2025-12-29 18:24:42 +01:00

@jeremystretch commented on GitHub (Nov 11, 2019):

Thank you for your interest in NetBox. GitHub issues are intended for reporting reproducible bugs and requesting features, and must be submitted using one of the templates provided [here](https://github.com/digitalocean/netbox/issues/new/choose). For general discussion, questions, or assistance with installation issues, please post to our [mailing list](https://groups.google.com/forum/#!forum/netbox-discuss) instead.
Reference: starred/netbox#3008