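#!/bin/sh
#
# Print the LDAP section of a NetBox configuration file (Python source for
# django_auth_ldap) on stdout.
#
# Inputs, as far as this script shows:
#   $__object/parameter/ldap-*  presence decides whether LDAP is configured
#   LDAP_SERVER, LDAP_BIND_DN, LDAP_BIND_PASSWORD, LDAP_USER_BASE
#   LDAP_GROUP_BASE, LDAP_REQUIRE_GROUP, LDAP_SUPERUSER_GROUP (optional)
# NOTE(review): the LDAP_* variables are presumably exported by the caller
# from the ldap-* parameter files; confirm against the manifest.
#
# Security notes for whoever consumes the output:
#   - The bind password is written in cleartext, so the resulting file should
#     be readable only by the NetBox service user.
#   - No TLS settings are emitted here. Unless LDAP_SERVER is an ldaps:// URI
#     (or AUTH_LDAP_START_TLS is set elsewhere), the bind DN and password
#     cross the network unencrypted.

# Escape a value for use inside a Python "..." string literal.
# Backslashes are doubled first, then double quotes are escaped, so a value
# containing either one (a password, or a DN with escaped commas) cannot end
# the literal early or alter the generated configuration.
# Values that contain a newline are not supported.
py_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# No configuration if there are no ldap parameters.
# The test needs -z: without it the branch ran when parameters WERE present,
# which disabled LDAP for configured hosts and emitted an empty-valued LDAP
# block for unconfigured ones.
if [ -z "$(find "$__object/parameter/" -type f -name 'ldap-*' -print)" ]; then
    # skip
    cat << EOF
##############################
# LDAP-backed authentication #
##############################

# no options set
EOF
    exit 0
fi

ldap_server="$(py_escape "$LDAP_SERVER")"
ldap_bind_dn="$(py_escape "$LDAP_BIND_DN")"
ldap_bind_password="$(py_escape "$LDAP_BIND_PASSWORD")"
ldap_user_base="$(py_escape "$LDAP_USER_BASE")"

cat << EOF
##############################
# LDAP-backed authentication #
##############################

import ldap
from django_auth_ldap.config import LDAPSearch, PosixGroupType

# Server URI
AUTH_LDAP_SERVER_URI = "$ldap_server"

# Set the DN and password for the NetBox service account.
AUTH_LDAP_BIND_DN = "$ldap_bind_dn"
AUTH_LDAP_BIND_PASSWORD = "$ldap_bind_password"

# Search for user entry.
AUTH_LDAP_USER_SEARCH = LDAPSearch("$ldap_user_base",
                                   ldap.SCOPE_SUBTREE,
                                   "(uid=%(user)s)")

# You can map user attributes to Django attributes as so.
AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail"
}
EOF

# Group handling is emitted only when a group search base is given.
# NOTE(review): LDAP_REQUIRE_GROUP and LDAP_SUPERUSER_GROUP are nested in this
# branch, so setting either one without LDAP_GROUP_BASE has no effect. In
# particular, the login restriction is then not applied.
if [ -n "$LDAP_GROUP_BASE" ]; then
    ldap_group_base="$(py_escape "$LDAP_GROUP_BASE")"
    cat << EOF

# This search ought to return all groups to which the user belongs. django_auth_ldap uses this to determine group
# hierarchy.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("$ldap_group_base", ldap.SCOPE_SUBTREE,
                                    "(objectClass=posixGroup)")
AUTH_LDAP_GROUP_TYPE = PosixGroupType()

# Mirror LDAP group assignments.
AUTH_LDAP_MIRROR_GROUPS = True
EOF

    if [ -n "$LDAP_REQUIRE_GROUP" ]; then
        ldap_require_group="$(py_escape "$LDAP_REQUIRE_GROUP")"
        cat << EOF

# Define a group required to login.
AUTH_LDAP_REQUIRE_GROUP = "$ldap_require_group"
EOF
    fi

    # Membership in this LDAP group is written out as Django superuser status,
    # so write access to the group in the directory amounts to NetBox admin
    # access.
    if [ -n "$LDAP_SUPERUSER_GROUP" ]; then
        ldap_superuser_group="$(py_escape "$LDAP_SUPERUSER_GROUP")"
        cat << EOF

# Define special user types using groups. Exercise great caution when assigning superuser status.
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    "is_superuser": "$ldap_superuser_group",
}
EOF
    fi
fi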