LDAP
Ryan Merolle edited this page Jul 16, 2020 · 20 revisions
The images tagged with "-ldap" contain all the necessary dependencies to authenticate against an LDAP or Active Directory server.
The default configuration `ldap_config.py` is prepared for use with an Active Directory server.
Custom values can be injected using environment variables, similar to the main configuration mechanisms.
LDAP configuration is handled by the Django LDAP module.
Note that changing `configuration/ldap_config.py` is strongly discouraged. The NetBox container reports barely any Python errors.
Among other options, you can use `docker-compose.override.yml` to inject the necessary variables.
```yaml
version: "3.4"
services:
  netbox:
    image: netboxcommunity/netbox:${VERSION-latest-ldap}
    environment:
      AUTH_LDAP_SERVER_URI: "ldaps://domain.com"
      AUTH_LDAP_BIND_DN: "CN=Netbox,OU=EmbeddedDevices,OU=MyCompany,DC=domain,dc=com"
      AUTH_LDAP_BIND_PASSWORD: "TopSecretPassword"
      AUTH_LDAP_USER_SEARCH_BASEDN: "OU=MyCompany,DC=domain,dc=com"
      AUTH_LDAP_GROUP_SEARCH_BASEDN: "OU=SubGroups,OU=MyCompany,DC=domain,dc=com"
      AUTH_LDAP_REQUIRE_GROUP_DN: "CN=Netbox-User,OU=SoftwareGroups,OU=SubGroups,OU=MyCompany,DC=domain,dc=com"
      AUTH_LDAP_IS_ADMIN_DN: "CN=Network Configuration Operators,CN=Builtin,DC=domain,dc=com"
      AUTH_LDAP_IS_SUPERUSER_DN: "CN=Domain Admins,CN=Users,DC=domain,dc=com"
      LDAP_IGNORE_CERT_ERRORS: "false"
```
Remember to change `AUTH_LDAP_GROUP_TYPE` to the proper value.
```yaml
version: "3.4"
services:
  netbox:
    image: netboxcommunity/netbox:${VERSION-latest-ldap}
    environment:
      AUTH_LDAP_SERVER_URI: "ldaps://domain.com"
      AUTH_LDAP_BIND_DN: "cn=netbox,ou=services,dc=domain,dc=com"
      AUTH_LDAP_BIND_PASSWORD: "TopSecretPassword"
      AUTH_LDAP_USER_SEARCH_BASEDN: "ou=people,dc=domain,dc=com"
      AUTH_LDAP_GROUP_SEARCH_BASEDN: "ou=groups,dc=domain,dc=com"
      AUTH_LDAP_REQUIRE_GROUP_DN: "cn=netbox" # or "cn=netbox,ou=groups,dc=domain,dc=com"
      AUTH_LDAP_IS_ADMIN_DN: "cn=donkey,ou=people,dc=domain,dc=com"
      AUTH_LDAP_IS_SUPERUSER_DN: "cn=shrek,ou=people,dc=domain,dc=com"
      AUTH_LDAP_USER_SEARCH_ATTR: "cn"
      AUTH_LDAP_GROUP_SEARCH_CLASS: "groupOfUniqueNames"
      AUTH_LDAP_GROUP_TYPE: "GroupOfUniqueNamesType"
      AUTH_LDAP_ATTR_LASTNAME: "sn"
      AUTH_LDAP_ATTR_FIRSTNAME: "givenName"
      LDAP_IGNORE_CERT_ERRORS: "false"
```
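Because the container reports so few Python errors, it helps to check the environment block before starting it. The following is an added example, not part of the netbox-docker project: the hypothetical functions `lint_ldap_env` and `dn_is_wellformed` flag a non-`ldaps://` URI, disabled certificate checks, the placeholder bind password, malformed DNs, and an `AUTH_LDAP_GROUP_TYPE` that does not fit `AUTH_LDAP_GROUP_SEARCH_CLASS`. The group type names are django-auth-ldap class names, and the sample mapping is constructed.

```python
import re

# objectClass -> django-auth-ldap group types that read its member attribute.
GROUP_TYPES = {
    "groupofnames": {"GroupOfNamesType", "NestedGroupOfNamesType"},
    "groupofuniquenames": {"GroupOfUniqueNamesType", "NestedGroupOfUniqueNamesType"},
    "posixgroup": {"PosixGroupType"},
    "group": {"ActiveDirectoryGroupType", "NestedActiveDirectoryGroupType"},
}
DN_KEYS = ("AUTH_LDAP_BIND_DN", "AUTH_LDAP_USER_SEARCH_BASEDN", "AUTH_LDAP_GROUP_SEARCH_BASEDN",
           "AUTH_LDAP_REQUIRE_GROUP_DN", "AUTH_LDAP_IS_ADMIN_DN", "AUTH_LDAP_IS_SUPERUSER_DN")
RDN = re.compile(r"^\s*[A-Za-z0-9.-]+\s*=\s*\S.*$")  # one attr=value component

def dn_is_wellformed(dn):
    """True if every RDN, split on unescaped commas, looks like attr=value."""
    return all(RDN.match(part) for part in re.split(r"(?<!\\),", dn))

def lint_ldap_env(env):
    """Return sorted (key, problem) findings for a mapping of environment variables."""
    findings = []
    if not env.get("AUTH_LDAP_SERVER_URI", "").lower().startswith("ldaps://"):
        findings.append(("AUTH_LDAP_SERVER_URI", "not ldaps://, cleartext unless StartTLS is used"))
    if env.get("LDAP_IGNORE_CERT_ERRORS", "false").strip().lower() == "true":
        findings.append(("LDAP_IGNORE_CERT_ERRORS", "server certificate is not verified"))
    pw = env.get("AUTH_LDAP_BIND_PASSWORD", "")
    if pw == "TopSecretPassword" or (env.get("AUTH_LDAP_BIND_DN") and not pw):
        findings.append(("AUTH_LDAP_BIND_PASSWORD", "docs placeholder, or empty with a bind DN set"))
    for key in DN_KEYS:
        if key in env and not dn_is_wellformed(env[key]):
            findings.append((key, "not a well-formed DN"))
    cls, gtype = env.get("AUTH_LDAP_GROUP_SEARCH_CLASS"), env.get("AUTH_LDAP_GROUP_TYPE")
    # Unknown object classes are not judged; only a known class with a foreign type is.
    if cls and gtype and gtype not in GROUP_TYPES.get(cls.lower(), {gtype}):
        findings.append(("AUTH_LDAP_GROUP_TYPE", f"{gtype} does not read objectClass {cls}"))
    return sorted(findings)

# Constructed sample with deliberate mistakes (not a configuration from the page).
SAMPLE = {
    "AUTH_LDAP_SERVER_URI": "ldap://domain.com",
    "AUTH_LDAP_BIND_DN": "netbox,ou=services,dc=domain,dc=com",
    "AUTH_LDAP_BIND_PASSWORD": "TopSecretPassword",
    "AUTH_LDAP_GROUP_SEARCH_CLASS": "groupOfUniqueNames",
    "AUTH_LDAP_GROUP_TYPE": "GroupOfNamesType",
    "LDAP_IGNORE_CERT_ERRORS": "true",
}

if __name__ == "__main__":
    for key, problem in lint_ldap_env(SAMPLE):
        print(f"{key}: {problem}")
```

Pass it `dict(os.environ)` inside the container, or the parsed `environment:` mapping from the override file, and treat a non-empty result as a failed pre-flight check.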