diff --git a/type/__netbox/files/ldap_config.py.sh b/type/__netbox/files/ldap_config.py.sh new file mode 100755 index 0000000..88af4b9 --- /dev/null +++ b/type/__netbox/files/ldap_config.py.sh @@ -0,0 +1,27 @@ +#!/bin/sh + +cat << EOF +############################## +# LDAP-backed authentication # +############################## + +import ldap +from django_auth_ldap.config import LDAPSearch + +# Server URI +AUTH_LDAP_SERVER_URI = "$LDAP_SERVER" + +# Set the DN and password for the NetBox service account. +AUTH_LDAP_BIND_DN = "$LDAP_BIND_DN" +AUTH_LDAP_BIND_PASSWORD = "$LDAP_BIND_PASSWORD" + +# If a user's DN is producible from their username, we don't need to search. +AUTH_LDAP_USER_DN_TEMPLATE = "$LDAP_USER_DN_TEMPLATE" + +# You can map user attributes to Django attributes as so. +AUTH_LDAP_USER_ATTR_MAP = { + "first_name": "givenName", + "last_name": "sn", + "email": "mail" +} +EOF diff --git a/type/__netbox/gencode-remote b/type/__netbox/gencode-remote index a52b110..e3157a9 100755 --- a/type/__netbox/gencode-remote +++ b/type/__netbox/gencode-remote @@ -27,18 +27,26 @@ tar xf '$archive' # Save cdist-upload configuration file. mkdir -p "\$tmpdir" cp '$install_dir/cdist/configuration.py' "\$tmpdir/configuration.py" +cp '$install_dir/cdist/ldap_config.py' "\$tmpdir/ldap_config.py" # Deploy sources and restore configuration. rm -r '$install_dir' cp -r '$src/netbox' '$install_dir' cp \$tmpdir/configuration.py '$install_dir/netbox/configuration.py' +cp \$tmpdir/ldap_config.py '$install_dir/netbox/ldap_config.py' # Setup & enter python virtualenv. virtualenv /opt/netbox/venv # Install python dependencies. /opt/netbox/venv/bin/pip3 install -r "\$tmpdir/$src/requirements.txt" +EOF +if [ -f "$__object/parameter/ldap-server" ]; then + echo "/opt/netbox/venv/bin/pip3 install django-auth-ldap" +fi + +cat << EOF # Set final permissions. chown -R netbox /opt/netbox diff --git a/type/__netbox/manifest b/type/__netbox/manifest index 64a0a55..2976686 100644 --- a/type/__netbox/manifest +++ b/type/__netbox/manifest @@ -10,6 +10,11 @@ case "$os" in __package $pkg done + if [ -f "$__object/parameter/ldap-server" ]; then + for pkg in libldap2-dev libsasl2-dev libssl-dev; do + __package $pkg + done + fi ;; *) printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2 @@ -23,18 +28,42 @@ export DATABASE_PASSWORD=$(cat "$__object/parameter/database-password") export ALLOWED_HOST=$(cat "$__object/parameter/host") export SECRET_KEY=$(cat "$__object/parameter/secret-key") +if [ -f "$__object/parameter/ldap-server" ]; then + export LDAP_SERVER=$(cat "$__object/parameter/ldap-server") +fi + +if [ -f "$__object/parameter/ldap-bind-dn" ]; then + export LDAP_BIND_DN=$(cat "$__object/parameter/ldap-bind-dn") +fi + +if [ -f "$__object/parameter/ldap-bind-password" ]; then + export LDAP_BIND_PASSWORD=$(cat "$__object/parameter/ldap-bind-password") +fi + +if [ -f "$__object/parameter/ldap-user-dn-template" ]; then + export LDAP_USER_DN_TEMPLATE=$(cat "$__object/parameter/ldap-user-dn-template") +fi + # Create system user used to run netbox. __user netbox --system --home /opt/netbox --create-home # Generate and upload netbox configuration. mkdir -p "$__object/files" "$__type/files/configuration.py.sh" > "$__object/files/configuration.py" +"$__type/files/ldap_config.py.sh" > "$__object/files/ldap_config.py" require="__user/netbox" __directory /opt/netbox/netbox/cdist --parents require="__directory/opt/netbox/netbox/cdist " __file \ /opt/netbox/netbox/cdist/configuration.py --mode 640 --owner netbox \ --source "$__object/files/configuration.py" +if [ -f "$__object/parameter/ldap-server" ]; then + require="__directory/opt/netbox/netbox/cdist " __file \ + /opt/netbox/netbox/cdist/ldap_config.py --mode 640 --owner netbox \ + --source "$__object/files/ldap_config.py" +fi + + # Upload systemd units and gunicorn configuration. for unit in netbox netbox-rq; do __file /etc/systemd/system/$unit.service \ diff --git a/type/__netbox/parameter/optional b/type/__netbox/parameter/optional new file mode 100644 index 0000000..c946d73 --- /dev/null +++ b/type/__netbox/parameter/optional @@ -0,0 +1,4 @@ +ldap-server +ldap-bind-dn +ldap-bind-password +ldap-user-dn-template