LdapBackendAuthentication with API tokens #7326

Closed
opened 2025-12-29 20:21:48 +01:00 by adam · 3 comments

Originally created by @jessux on GitHub (Dec 5, 2022).

NetBox version

V3.3.9

Python version

3.9

Steps to Reproduce

Set up LDAP authentication with:

```python
# Remote authentication support
REMOTE_AUTH_ENABLED = True
REMOTE_AUTH_BACKEND = 'netbox.authentication.LDAPBackend'
REMOTE_AUTH_HEADER = 'HTTP_REMOTE_USER'
REMOTE_AUTH_AUTO_CREATE_USER = True
REMOTE_AUTH_DEFAULT_GROUPS = []
REMOTE_AUTH_DEFAULT_PERMISSIONS = {}
```

Log in to NetBox
Create a local account + a token, or create a token for your account

Set up debug logging for LDAP

Call the API with the token

Expected Behavior

The API call doesn't need to call the LDAP authentication

Observed Behavior

Every API call calls the LDAP

adam added the type: bug label 2025-12-29 20:21:48 +01:00
adam closed this issue 2025-12-29 20:21:48 +01:00

@jessux commented on GitHub (Dec 5, 2022):

Update:

In the file authentication.py:

```python
user = token.user
# When LDAP authentication is active try to load user data from LDAP directory
if settings.REMOTE_AUTH_BACKEND == 'netbox.authentication.LDAPBackend':
    from netbox.authentication import LDAPBackend
    ldap_backend = LDAPBackend()

    # Load from LDAP if FIND_GROUP_PERMS is active
    # Always query LDAP when user is not active, otherwise it is never activated again
    if ldap_backend.settings.FIND_GROUP_PERMS or not token.user.is_active:
        ldap_user = ldap_backend.populate_user(token.user.username)
        # If the user is found in the LDAP directory use it, if not fallback to the local user
        if ldap_user:
            user = ldap_user
```

This part of the code looks up the user in the LDAP on every request.
Our LDAP locks connections for 2 minutes when spamming binding requests.
Is this part of the code normal, or should it be changed?
We commented out this part on our NetBox and it works fine!


@kkthxbye-code commented on GitHub (Dec 6, 2022):

Disable AUTH_LDAP_FIND_GROUP_PERMS and use AUTH_LDAP_MIRROR_GROUPS or manage groups manually instead.

Related issues and discussions:

https://github.com/netbox-community/netbox/pull/7928
https://github.com/netbox-community/netbox/issues/7751
https://github.com/netbox-community/netbox/pull/7676
https://github.com/netbox-community/netbox/issues/6926
https://github.com/netbox-community/netbox/discussions/7708

Short summary: The remaining issue is caused by the cache in django-auth-ldap not functioning with the way we are calling it for API access. No one has even shown any interest in fixing the underlying issue though.

I'll close this out, if you are interested in fixing the django-auth-ldap integration (not just removing the authentication code), I'll reopen it, assign you and you can rewrite the bug report to conform to the template.
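
A small model of the token-authentication branch quoted earlier in this issue, added here as an illustration (it is not NetBox or django-auth-ldap code). `CountingDirectory`, `resolve_token_user`, `simulate`, the `svc-api` account and the TTL cache are assumptions made for the example; the cache is a hypothetical mitigation, not the project's fix.

```python
from dataclasses import dataclass

@dataclass
class User:
    username: str
    is_active: bool = True
    source: str = "local"

class CountingDirectory:
    """Stand-in for the LDAP backend: counts lookups instead of binding."""
    def __init__(self, entries):
        self.entries = entries          # constructed sample directory
        self.lookups = 0

    def populate_user(self, username):
        self.lookups += 1               # one bind + search against a real server
        return self.entries.get(username)

def resolve_token_user(token_user, directory, find_group_perms,
                       cache=None, now=0.0, ttl=0.0):
    """The branch from the quoted excerpt, plus an optional TTL cache (hypothetical)."""
    if not (find_group_perms or not token_user.is_active):
        return token_user               # no directory traffic at all
    hit = cache.get(token_user.username) if cache is not None else None
    if hit and now - hit[0] < ttl:
        ldap_user = hit[1]              # served from cache, no bind
    else:
        ldap_user = directory.populate_user(token_user.username)
        if cache is not None:
            cache[token_user.username] = (now, ldap_user)
    return ldap_user or token_user      # fall back to the local user

def simulate(calls, find_group_perms, in_directory=True, is_active=True, ttl=None):
    """Run `calls` API requests one second apart; return (lookups, user source)."""
    entries = {"svc-api": User("svc-api", source="ldap")} if in_directory else {}
    directory = CountingDirectory(entries)
    token_user = User("svc-api", is_active=is_active)
    cache = {} if ttl else None
    user = token_user
    for second in range(calls):
        user = resolve_token_user(token_user, directory, find_group_perms,
                                  cache, now=float(second), ttl=ttl or 0.0)
    return directory.lookups, user.source
```

In this model an inactive local account that is absent from the directory still triggers a lookup on every request even with `find_group_perms=False`. A cached entry also means a group change or a disabled directory account takes up to `ttl` seconds to reach token requests.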


@jessux commented on GitHub (Dec 7, 2022):

Hello,
Thanks for your reply.
I don't have time for this right now, but if I find a correction I'll post it for sure!


Reference: starred/netbox#7326