NetBox is an open source web application designed to help manage and document private computer networks. Initially conceived by the network engineering team at DigitalOcean, NetBox was developed specifically to address the needs of network and infrastructure engineers. It encompasses the following aspects of network management:

  • IP address management (IPAM) – IP networks and addresses, VRFs, and VLANs
  • Equipment racks – Organized by group and site
  • Devices – Types of devices and where they are installed
  • Connections – Network, console, and power connections among devices
  • Virtualization – Virtual machines and clusters
  • Data circuits – Long-haul communications circuits and providers
  • Secrets – Encrypted storage of sensitive credentials

NetBox supports Python 3.6 and 3.7 environments currently. (Support for Python 3.5 was removed in NetBox v2.8.)

NetBox offers two authentication backends: local accounts and LDAP. The following configuration is presented so that you do not have to work out the LDAP setup by trial and error. It goes in a file named ldap_config.py in /opt/netbox/netbox/netbox (next to configuration.py); in NetBox 2.8 and later the LDAP backend also has to be selected in configuration.py with REMOTE_AUTH_BACKEND = 'netbox.authentication.LDAPBackend'. Three things to keep in mind before copying it as-is: the server URI uses plain ldap://, so the service-account bind password and every user's password cross the network unencrypted unless you switch to ldaps:// (or enable StartTLS) with a CA the host trusts; the file contains the bind password in clear text, so make it readable only by the user NetBox runs as; and the example maps is_superuser to the same group that is required to log in, so every LDAP user who can log in is a NetBox superuser. Use a separate, smaller group for superuser in anything but a lab.

import ldap
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType

# Server URI. ldap:// is a cleartext connection: the bind password below and
# every user's password travel unencrypted. Prefer ldaps:// (or set
# AUTH_LDAP_START_TLS = True) with a CA certificate the host trusts.
AUTH_LDAP_SERVER_URI = "ldap://ad.0x01.link"

# The following may be needed if you are binding to Active Directory.
AUTH_LDAP_CONNECTION_OPTIONS = {
    ldap.OPT_REFERRALS: 0
}

# Set the DN and password for the NetBox service account. Use a dedicated,
# read-only account; this file holds its password in clear text, so keep the
# file readable only by the user NetBox runs as.
AUTH_LDAP_BIND_DN = "CN=netbox,OU=SYS,DC=ad,DC=0x01,DC=link"
AUTH_LDAP_BIND_PASSWORD = "PASSWORD"

# Include this setting if you want to ignore certificate errors. This might be needed to accept a self-signed cert.
# Note that this is a NetBox-specific setting which sets:
#     ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
# That disables certificate validation entirely, so anyone on the path can
# impersonate the directory. Install the CA certificate instead and leave
# this False in production. (It has no effect at all on a plain ldap:// URI.)
LDAP_IGNORE_CERT_ERRORS = True

# This search matches users with the sAMAccountName equal to the provided username. This is required if the user's
# username is not in their DN (Active Directory). django_auth_ldap escapes the
# submitted username (RFC 4515) before substituting it into %(user)s, so a
# crafted login name cannot rewrite the filter.
AUTH_LDAP_USER_SEARCH = LDAPSearch("DC=ad,DC=0x01,DC=link",
                                   ldap.SCOPE_SUBTREE,
                                   "(sAMAccountName=%(user)s)")

# If a user's DN is producible from their username, we don't need to search.
#AUTH_LDAP_USER_DN_TEMPLATE = None

# You can map user attributes to Django attributes as so.
AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail"
}

# This search ought to return all groups to which the user belongs. django_auth_ldap uses this to determine group
# hierarchy. GroupOfNamesType matches direct membership through the group's
# "member" attribute; use NestedGroupOfNamesType if you rely on nested AD groups.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("DC=ad,DC=0x01,DC=link", ldap.SCOPE_SUBTREE,
                                    "(objectClass=group)")
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()

# Define a group required to login. Users outside this group are rejected
# before any of the flags below are considered.
AUTH_LDAP_REQUIRE_GROUP = "CN=SYSADMIN,OU=Groups,DC=ad,DC=0x01,DC=link"

# Mirror LDAP group assignments.
AUTH_LDAP_MIRROR_GROUPS = True

# Define special user types using groups. Exercise great caution when assigning superuser status.
# As written, all three flags follow the same group that is required to log in,
# so every user who can log in is a superuser. Point is_superuser (and ideally
# is_staff) at a separate, smaller group.
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    "is_active": "CN=SYSADMIN,OU=Groups,DC=ad,DC=0x01,DC=link",
    "is_staff": "CN=SYSADMIN,OU=Groups,DC=ad,DC=0x01,DC=link",
    "is_superuser": "CN=SYSADMIN,OU=Groups,DC=ad,DC=0x01,DC=link"
}

# For more granular permissions, we can map LDAP groups to Django groups.
AUTH_LDAP_FIND_GROUP_PERMS = True

# Cache groups for one hour to reduce LDAP traffic. Note that a user removed
# from a group in the directory keeps the cached membership for up to this long.
AUTH_LDAP_CACHE_TIMEOUT = 3600

# Log django_auth_ldap to a rotating file. The NetBox process must be able to
# write to this path. Raise the level to logging.DEBUG while troubleshooting
# binds and searches, then drop it back to WARNING: debug output includes DNs
# and search filters.
import logging, logging.handlers
logfile = "/var/log/django-ldap-debug.log"
my_logger = logging.getLogger('django_auth_ldap')
my_logger.setLevel(logging.WARNING)
handler = logging.handlers.RotatingFileHandler(
   logfile, maxBytes=1024 * 500, backupCount=5)
my_logger.addHandler(handler)
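
Two of the settings above are worth checking before the backend is switched on, and an offline model is the quickest way to see what they do. The script below is an added example, not code from the original post, from NetBox or from django-auth-ldap. It reproduces (1) the substitution of the login name into AUTH_LDAP_USER_SEARCH with the RFC 4515 escaping that django-auth-ldap applies (the same rule as ldap.filter.escape_filter_chars), so a login name such as *)(objectClass=* cannot rewrite the filter, and (2) how AUTH_LDAP_REQUIRE_GROUP and AUTH_LDAP_USER_FLAGS_BY_GROUP resolve against the groups the directory reports for a user, comparing the mapping used above with one that keeps is_superuser on a separate group. The user records are constructed test data; the SYSADMIN DN is the one from the config, while the NETBOX-READONLY group DN is hypothetical and does not appear in the original. Nothing here contacts a directory.

```python
# Added example, not from the original post, NetBox or django-auth-ldap.
# Offline model of two steps the LDAP config above relies on:
#   1. substituting the login name into AUTH_LDAP_USER_SEARCH with RFC 4515
#      escaping (django-auth-ldap escapes %(user)s before building the filter);
#   2. resolving AUTH_LDAP_REQUIRE_GROUP and AUTH_LDAP_USER_FLAGS_BY_GROUP
#      against the groups the directory reports for the user.
# SYSADMIN is the group DN from the config; NETBOX_READONLY is hypothetical.

from typing import Dict, Iterable, Optional

USER_FILTER = "(sAMAccountName=%(user)s)"
SYSADMIN = "CN=SYSADMIN,OU=Groups,DC=ad,DC=0x01,DC=link"
NETBOX_READONLY = "CN=NETBOX-READONLY,OU=Groups,DC=ad,DC=0x01,DC=link"  # hypothetical

# Mapping exactly as in the config above: one group drives every flag.
FLAGS_AS_CONFIGURED = {"is_active": SYSADMIN, "is_staff": SYSADMIN, "is_superuser": SYSADMIN}
# Tighter alternative: a broad group may log in, only SYSADMIN gets superuser.
FLAGS_SPLIT = {"is_active": NETBOX_READONLY, "is_staff": NETBOX_READONLY, "is_superuser": SYSADMIN}

# RFC 4515 section 3: characters that must be escaped inside an assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_chars(value: str) -> str:
    """Escape a value so it is matched literally inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(username: str, template: str = USER_FILTER) -> str:
    """Build the user-search filter the way django-auth-ldap does: escape, then substitute."""
    return template % {"user": escape_filter_chars(username)}


def normalize_dn(dn: str) -> str:
    """Case- and whitespace-insensitive form of a DN for comparison."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def resolve_login(member_of: Iterable[str], require_group: str,
                  flags_by_group: Dict[str, str]) -> Optional[Dict[str, bool]]:
    """Return the Django flags the user would get, or None if the login is refused.

    member_of is the list of group DNs the directory reports (AD memberOf).
    A user outside require_group is rejected before any flag is considered;
    otherwise every flag is set True or False by membership in its group.
    """
    groups = {normalize_dn(g) for g in member_of}
    if normalize_dn(require_group) not in groups:
        return None
    return {flag: normalize_dn(dn) in groups for flag, dn in flags_by_group.items()}


if __name__ == "__main__":
    # Constructed login names: a normal one and a crafted one.
    for name in ("jdoe", "*)(objectClass=*"):
        print(build_user_filter(name))

    # Constructed users: a directory admin and a help-desk account.
    admin_groups = [SYSADMIN, NETBOX_READONLY]
    helpdesk_groups = [NETBOX_READONLY]
    print("as configured, admin:   ", resolve_login(admin_groups, SYSADMIN, FLAGS_AS_CONFIGURED))
    print("as configured, helpdesk:", resolve_login(helpdesk_groups, SYSADMIN, FLAGS_AS_CONFIGURED))
    print("split, admin:           ", resolve_login(admin_groups, NETBOX_READONLY, FLAGS_SPLIT))
    print("split, helpdesk:        ", resolve_login(helpdesk_groups, NETBOX_READONLY, FLAGS_SPLIT))
```

With the mapping as configured, the help-desk account is refused outright and the admin gets every flag; with the split mapping, both can log in and only the SYSADMIN member is a superuser. Against the real directory, the same check is a bind and search with the service account, for a hypothetical user jdoe: ldapsearch -x -H ldap://ad.0x01.link -D "CN=netbox,OU=SYS,DC=ad,DC=0x01,DC=link" -W -b "DC=ad,DC=0x01,DC=link" "(sAMAccountName=jdoe)" memberOf. That confirms the bind credentials, the search base and the group list NetBox will see in one go.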

Categories: Blog