__netbox: add minimal LDAP support

fnux 2020-07-21 07:46:45 +02:00
parent 70047d10b1
commit ab2c826cc3
4 changed files with 68 additions and 0 deletions


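--- /dev/null
+++ b/PATH-NOT-ON-PAGE-1
@@ -0,0 +1,27 @@
+#!/bin/sh
+cat << EOF
+##############################
+# LDAP-backed authentication #
+##############################
+import ldap
+from django_auth_ldap.config import LDAPSearch
+# Server URI
+AUTH_LDAP_SERVER_URI = "$LDAP_SERVER"
+# Set the DN and password for the NetBox service account.
+AUTH_LDAP_BIND_DN = "$LDAP_BIND_DN"
+AUTH_LDAP_BIND_PASSWORD = "$LDAP_BIND_PASSWORD"
+# If a user's DN is producible from their username, we don't need to search.
+AUTH_LDAP_USER_DN_TEMPLATE = "$LDAP_USER_DN_TEMPLATE"
+# You can map user attributes to Django attributes as so.
+AUTH_LDAP_USER_ATTR_MAP = {
+"first_name": "givenName",
+"last_name": "sn",
+"email": "mail"
+}
+EOF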
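Review bot: The four parameter values expanded into this template land verbatim inside Python double-quoted literals (`AUTH_LDAP_SERVER_URI` through `AUTH_LDAP_USER_DN_TEMPLATE`), so a bind password or DN containing `"` or `\` yields a broken or differently-parsed ldap_config.py that NetBox only notices at import time. Escaping backslashes and double quotes before expansion keeps each value inside its literal; a small helper and the four changed lines are below. The template also emits `AUTH_LDAP_USER_DN_TEMPLATE = ""` when that optional parameter is absent, which django-auth-ldap presumably treats differently from an unset setting — confirm, and consider emitting the line only when `$LDAP_USER_DN_TEMPLATE` is non-empty. Since the bind credentials are sent to the directory on every login, a comment next to `AUTH_LDAP_SERVER_URI` recommending an `ldaps://` URI or `AUTH_LDAP_START_TLS = True` would help operators.
```sh
#!/bin/sh
# Escape backslashes and double quotes so a value stays inside its Python string literal.
pyesc() { printf '%s' "$1" | sed 's/[\\"]/\\&/g'; }
cat << EOF
# … unchanged: banner comment and imports …
AUTH_LDAP_SERVER_URI = "$(pyesc "$LDAP_SERVER")"
# … unchanged: comment …
AUTH_LDAP_BIND_DN = "$(pyesc "$LDAP_BIND_DN")"
AUTH_LDAP_BIND_PASSWORD = "$(pyesc "$LDAP_BIND_PASSWORD")"
# … unchanged: comment …
AUTH_LDAP_USER_DN_TEMPLATE = "$(pyesc "$LDAP_USER_DN_TEMPLATE")"
# … unchanged: AUTH_LDAP_USER_ATTR_MAP …
EOF
```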


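--- a/PATH-NOT-ON-PAGE-2
+++ b/PATH-NOT-ON-PAGE-2
@@ -27,18 +27,26 @@ tar xf '$archive'
 # Save cdist-upload configuration file.
 mkdir -p "\$tmpdir"
 cp '$install_dir/cdist/configuration.py' "\$tmpdir/configuration.py"
+cp '$install_dir/cdist/ldap_config.py' "\$tmpdir/ldap_config.py"
 # Deploy sources and restore configuration.
 rm -r '$install_dir'
 cp -r '$src/netbox' '$install_dir'
 cp \$tmpdir/configuration.py '$install_dir/netbox/configuration.py'
+cp \$tmpdir/ldap_config.py '$install_dir/netbox/ldap_config.py'
 # Setup & enter python virtualenv.
 virtualenv /opt/netbox/venv
 # Install python dependencies.
 /opt/netbox/venv/bin/pip3 install -r "\$tmpdir/$src/requirements.txt"
+EOF
+if [ -f "$__object/parameter/ldap-server" ]; then
+echo "/opt/netbox/venv/bin/pip3 install django-auth-ldap"
+fi
+cat << EOF
 # Set final permissions.
 chown -R netbox /opt/netbox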
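Review bot: The two new `cp` lines for ldap_config.py run unconditionally in the generated target script, while the manifest in this same commit only uploads that file when `ldap-server` is set, so on a host without LDAP the first copy fails on a missing file; whether that aborts the script depends on options set outside this hunk. Guarding both copies on the target keeps them in step with the conditional pip step added further down: `if [ -f '$install_dir/cdist/ldap_config.py' ]; then cp '$install_dir/cdist/ldap_config.py' "\$tmpdir/ldap_config.py"; fi` and `if [ -f "\$tmpdir/ldap_config.py" ]; then cp "\$tmpdir/ldap_config.py" '$install_dir/netbox/ldap_config.py'; fi`. The echoed `pip3 install django-auth-ldap` is unpinned, unlike the requirements.txt install just above it, so each deployment may pull a different release; pinning a version (or adding it to a tracked requirements file) makes the install reproducible. The heredoc that these lines live in is opened before the hunk, and the one reopened at `cat << EOF` closes after it.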


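--- a/PATH-NOT-ON-PAGE-3
+++ b/PATH-NOT-ON-PAGE-3
@@ -10,6 +10,11 @@ case "$os" in
 __package $pkg
 done
+if [ -f "$__object/parameter/ldap-server" ]; then
+for pkg in libldap2-dev libsasl2-dev libssl-dev; do
+__package $pkg
+done
+fi
 ;;
 *)
 printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2
@@ -23,18 +28,42 @@ export DATABASE_PASSWORD=$(cat "$__object/parameter/database-password")
 export ALLOWED_HOST=$(cat "$__object/parameter/host")
 export SECRET_KEY=$(cat "$__object/parameter/secret-key")
+if [ -f "$__object/parameter/ldap-server" ]; then
+export LDAP_SERVER=$(cat "$__object/parameter/ldap-server")
+fi
+if [ -f "$__object/parameter/ldap-bind-dn" ]; then
+export LDAP_BIND_DN=$(cat "$__object/parameter/ldap-bind-dn")
+fi
+if [ -f "$__object/parameter/ldap-bind-password" ]; then
+export LDAP_BIND_PASSWORD=$(cat "$__object/parameter/ldap-bind-password")
+fi
+if [ -f "$__object/parameter/ldap-user-dn-template" ]; then
+export LDAP_USER_DN_TEMPLATE=$(cat "$__object/parameter/ldap-user-dn-template")
+fi
 # Create system user used to run netbox.
 __user netbox --system --home /opt/netbox --create-home
 # Generate and upload netbox configuration.
 mkdir -p "$__object/files"
 "$__type/files/configuration.py.sh" > "$__object/files/configuration.py"
+"$__type/files/ldap_config.py.sh" > "$__object/files/ldap_config.py"
 require="__user/netbox" __directory /opt/netbox/netbox/cdist --parents
 require="__directory/opt/netbox/netbox/cdist " __file \
 /opt/netbox/netbox/cdist/configuration.py --mode 640 --owner netbox \
 --source "$__object/files/configuration.py"
+if [ -f "$__object/parameter/ldap-server" ]; then
+require="__directory/opt/netbox/netbox/cdist " __file \
+/opt/netbox/netbox/cdist/ldap_config.py --mode 640 --owner netbox \
+--source "$__object/files/ldap_config.py"
+fi
 # Upload systemd units and gunicorn configuration.
 for unit in netbox netbox-rq; do
 __file /etc/systemd/system/$unit.service \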
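Review bot: Turning LDAP off later leaves the previous ldap_config.py, bind DN and password included, on the target, because the `__file` at the end of the second hunk is only declared when `ldap-server` is set and nothing removes the file otherwise. An `else` branch with `require="__directory/opt/netbox/netbox/cdist " __file /opt/netbox/netbox/cdist/ldap_config.py --state absent` makes the manifest converge in both directions; the install script in this commit copies that file unconditionally, so it needs a matching guard. Separately, `"$__type/files/ldap_config.py.sh"` runs on every manifest execution and writes a config of empty strings into `$__object/files` when LDAP is not configured; moving that line inside the same `if` keeps the generated artefacts in step with what is uploaded. The first hunk's package block uses the same `ldap-server` gate and is consistent with this.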


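--- /dev/null
+++ b/PATH-NOT-ON-PAGE-4
@@ -0,0 +1,4 @@
+ldap-server
+ldap-bind-dn
+ldap-bind-password
+ldap-user-dn-template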