LDAP authentication #37

Closed
opened 2025-12-29 15:30:19 +01:00 by adam · 13 comments

Originally created by @Luc1f3rUK on GitHub (Jun 28, 2016).

This project is looking so good!

I'd love the option for LDAP authentication built in (With permissions etc). I'm sure many others will too.
This would make it more appealing for larger organisations.

Thanks,

adam closed this issue 2025-12-29 15:30:19 +01:00

@aoyawale commented on GitHub (Jun 28, 2016):

1+


@troxil commented on GitHub (Jun 28, 2016):

+1


@MrDragon commented on GitHub (Jun 28, 2016):

/AOL (me too), please.
Mostly username/password, if need be, access could be set in netbox. Would be awesome, though, if we could say "if member of group X, then they may edit" or some such thing :)


@dinoocch commented on GitHub (Jun 28, 2016):

If you don't need a gui, [django-auth-ldap](https://pythonhosted.org/django-auth-ldap/index.html) is not too hard to set up, and provides the features you seem to be looking for.

@grigorov commented on GitHub (Jul 4, 2016):

+1


@jeremystretch commented on GitHub (Jul 6, 2016):

Awesome work by @dinoocch! Can we get some folks to test and report back? I'd like to soon as well, just need to figure out our LDAP arrangement internally.

I'd like to avoid having users make any changes to `settings.py`. All end-user config should be done in `configuration.py` and copied into Django's settings construct at runtime. This helps cleanly enforce required settings while avoiding errors from typos and whatnot. Given the amount of interest in supporting LDAP authentication, I think it makes sense to bake this into NetBox (along with declaring `django-auth-ldap` as a required dependency). Thoughts?

@MrDragon commented on GitHub (Jul 7, 2016):

+1 Beer for @dinoocch - works against our Winblows AD server. I'll have to play more with group-and-or combinations because our AD structure is ahem "unique".

  • to install, can python-django-auth-ldap be used (1.1.8-1 on Ubuntu), or does it need to be "pip...", which is a newer version?
  • in the documentation, perhaps a hint for people like me (who don't really know python/django, but can read code and muck around), that the ldap logs can be found in /var/log/supervisor/netbox... ?

I'd love to see this in netbox!


@dinoocch commented on GitHub (Jul 7, 2016):

@MrDragon - Glad to be of assistance,

  • The Ubuntu package is probably fine (the most recent version is 1.2.8, and I'd recommend using the latest stable version from pip if that is possible, however).
  • The logging code will tie the ldap logs to the django logger. See [Django Docs](https://docs.djangoproject.com/en/1.9/topics/logging/). By configuring the Django logger, you can redirect the logs to anywhere you like!

I'm working on a commit to add the settings to configuration.py, I'm trying to figure out the best structure for this, however...

@Zanthras commented on GitHub (Jul 8, 2016):

I can confirm running ldap auth as described against a FreeIPA auth server.


@jeremystretch commented on GitHub (Jul 8, 2016):

#203 has been merged, but altered a good deal to avoid having users modify settings.py directly. The documentation has been moved to `installation/ldap.md`. It would be **awesome** if we could get a few people to try the new directions on a fresh install and report back with any issues.

@MrDragon commented on GitHub (Jul 12, 2016):

Remember, I'm just an awful hack who's weak on AD/LDAP and worse on python, but:

  • would it make sense to add "email": "mail" to AUTH_LDAP_USER_ATTR_MAP ?
  • As we have groups in groups, esp. for the 'required group' (p.ex. staff, readers, admins, in group "netbox-access"), would it make more sense to use AUTH_LDAP_GROUP_TYPE = NestedGroupOfNamesType()? I think it still works if you have individual users in the "netbox-access" group. (Which also means you may need from django_auth_ldap.config import LDAPSearch, NestedGroupOfNamesType)
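
An added illustration (not NetBox or django-auth-ldap code) of the nested-group question raised in the comment above: a required-group check that reads only the group's own member list misses users who reach "netbox-access" through a sub-group, while a transitive walk finds them. The directory contents, DNs and function names are constructed for this example.

```python
BASE = "dc=example,dc=com"  # constructed base DN

def group(cn):
    return f"cn={cn},ou=groups,{BASE}"

def user(uid):
    return f"uid={uid},ou=people,{BASE}"

# Constructed directory: group DN -> member DNs (users or other groups).
# staff/readers sit inside "netbox-access", as in the comment; admins and
# staff reference each other to show a membership loop.
DIRECTORY = {
    group("netbox-access"): {group("staff"), group("readers"), user("dave")},
    group("staff"): {user("alice"), group("admins")},
    group("admins"): {user("bob"), group("staff")},
    group("readers"): set(),
    group("helpdesk"): {user("mallory")},
}

def is_direct_member(user_dn, group_dn, directory=DIRECTORY):
    """Flat check: only the group's own member list is consulted."""
    return user_dn in directory.get(group_dn, set())

def is_nested_member(user_dn, group_dn, directory=DIRECTORY):
    """Transitive check: follow member entries that are themselves groups."""
    seen, stack = set(), [group_dn]
    while stack:
        current = stack.pop()
        if current in seen:  # guard against membership loops
            continue
        seen.add(current)
        members = directory.get(current, set())
        if user_dn in members:
            return True
        stack.extend(m for m in members if m in directory)
    return False

def may_log_in(user_dn, required_group, nested):
    """Required-group gate, evaluated flat or nested."""
    check = is_nested_member if nested else is_direct_member
    return check(user_dn, required_group)

if __name__ == "__main__":
    for uid in ("dave", "alice", "bob", "mallory"):
        flat = may_log_in(user(uid), group("netbox-access"), nested=False)
        deep = may_log_in(user(uid), group("netbox-access"), nested=True)
        print(f"{uid:8} flat={flat!s:5} nested={deep}")
```

With nested evaluation, everyone in any sub-group of the required group gains access, so the sub-groups' membership needs the same review as the required group itself.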

@jeremystretch commented on GitHub (Jul 12, 2016):

Basic LDAP support has been implemented in the [v1.2.0 release](https://github.com/digitalocean/netbox/releases/tag/v1.2.0). I'm going to mark this issue closed, but I encourage people to open new issues for any specific LDAP changes they'd like to see.

@SignalDistress commented on GitHub (Jul 20, 2016):

I don't know if it's at all helpful but for anyone else that Django LDAP is completely new for, you just add users with the same user as AD and then some dummy password. If your LDAP is set up correctly then you'll just log in with your LDAP username and password. It worked on the first time for me which was great.

If I'm dropping this comment in the wrong place just lemme know. Happy to help with any docs.

Reference: starred/netbox#37