__netbox: add --ldap-staff-group parameter

Required to get "admin access".

type/__netbox/files/ldap_config.py.sh

@@ -53,6 +53,8 @@ AUTH_LDAP_GROUP_TYPE = PosixGroupType()
 
 # Mirror LDAP group assignments.
 AUTH_LDAP_MIRROR_GROUPS = True
+# For more granular permissions, map LDAP groups to Django groups.
+AUTH_LDAP_FIND_GROUP_PERMS = True
 EOF
 
     if [ "$LDAP_REQUIRE_GROUP" != "" ]; then
@@ -63,13 +65,18 @@ AUTH_LDAP_REQUIRE_GROUP = "$LDAP_REQUIRE_GROUP"
 EOF
     fi
 
-    if [ "$LDAP_SUPERUSER_GROUP" != "" ]; then
-        cat << EOF
+    cat << EOF
 
 # Define special user types using groups. Exercise great caution when assigning superuser status.
 AUTH_LDAP_USER_FLAGS_BY_GROUP = {
-    "is_superuser": "$LDAP_SUPERUSER_GROUP",
-}
 EOF
+    # superuser
+    if [ "$LDAP_SUPERUSER_GROUP" != "" ]; then
+        echo "    \"is_superuser\": \"$LDAP_SUPERUSER_GROUP\","
     fi
+    # staff user
+    if [ "$LDAP_STAFF_GROUP" != "" ]; then
+        echo "    \"is_staff\": \"$LDAP_STAFF_GROUP\","
+    fi
+    echo "}"
 fi

type/__netbox/man.rst

@@ -78,6 +78,10 @@ ldap-group-base
 ldap-require-group
     Group required to login.
 
+ldap-staff-group
+    Make members of this group to "staff". This gives the users "Admin Access",
+    which means access to the "NetBox Administration" site.
+
 ldap-superuser-group
     Make members of this groups superusers.
 

type/__netbox/manifest

@@ -89,6 +89,10 @@ if [ -f "$__object/parameter/ldap-superuser-group" ]; then
     LDAP_SUPERUSER_GROUP=$(cat "$__object/parameter/ldap-superuser-group")
     export LDAP_SUPERUSER_GROUP
 fi
+if [ -f "$__object/parameter/ldap-staff-group" ]; then
+    LDAP_STAFF_GROUP="$(cat "$__object/parameter/ldap-staff-group")"
+    export LDAP_STAFF_GROUP
+fi
 # export if base ldap parameters are used
 export USE_LDAP
 

type/__netbox/parameter/optional

@@ -7,6 +7,7 @@ ldap-bind-password
 ldap-user-base
 ldap-group-base
 ldap-require-group
+ldap-staff-group
 ldap-superuser-group
 redis-host
 redis-port