__netbox: add minimal LDAP support

type/__netbox/files/ldap_config.py.sh

@@ -0,0 +1,27 @@
+#!/bin/sh
+
+cat << EOF
+##############################
+# LDAP-backed authentication #
+##############################
+
+import ldap
+from django_auth_ldap.config import LDAPSearch
+
+# Server URI
+AUTH_LDAP_SERVER_URI = "$LDAP_SERVER"
+
+# Set the DN and password for the NetBox service account.
+AUTH_LDAP_BIND_DN = "$LDAP_BIND_DN"
+AUTH_LDAP_BIND_PASSWORD = "$LDAP_BIND_PASSWORD"
+
+# If a user's DN is producible from their username, we don't need to search.
+AUTH_LDAP_USER_DN_TEMPLATE = "$LDAP_USER_DN_TEMPLATE"
+
+# You can map user attributes to Django attributes as so.
+AUTH_LDAP_USER_ATTR_MAP = {
+    "first_name": "givenName",
+    "last_name": "sn",
+    "email": "mail"
+}
+EOF

type/__netbox/gencode-remote

@@ -27,18 +27,26 @@ tar xf '$archive'
 # Save cdist-upload configuration file.
 mkdir -p "\$tmpdir"
 cp '$install_dir/cdist/configuration.py' "\$tmpdir/configuration.py"
+cp '$install_dir/cdist/ldap_config.py' "\$tmpdir/ldap_config.py"
 
 # Deploy sources and restore configuration.
 rm -r '$install_dir'
 cp -r '$src/netbox' '$install_dir'
 cp \$tmpdir/configuration.py '$install_dir/netbox/configuration.py'
+cp \$tmpdir/ldap_config.py '$install_dir/netbox/ldap_config.py'
 
 # Setup & enter python virtualenv.
 virtualenv /opt/netbox/venv
 
 # Install python dependencies.
 /opt/netbox/venv/bin/pip3 install -r "\$tmpdir/$src/requirements.txt"
+EOF
 
+if [ -f "$__object/parameter/ldap-server" ]; then
+	echo "/opt/netbox/venv/bin/pip3 install django-auth-ldap"
+fi
+
+cat << EOF
 # Set final permissions.
 chown -R netbox /opt/netbox
 

type/__netbox/manifest

@@ -10,6 +10,11 @@ case "$os" in
 			__package $pkg
 		done
 
+		if [ -f "$__object/parameter/ldap-server" ]; then
+			for pkg in libldap2-dev libsasl2-dev libssl-dev; do
+				__package $pkg
+			done
+		fi
 		;;
 	*)
 		printf "Your operating system (%s) is currently not supported by this type (%s)\n" "$os" "${__type##*/}" >&2
@@ -23,18 +28,42 @@ export DATABASE_PASSWORD=$(cat "$__object/parameter/database-password")
 export ALLOWED_HOST=$(cat "$__object/parameter/host")
 export SECRET_KEY=$(cat "$__object/parameter/secret-key")
 
+if [ -f "$__object/parameter/ldap-server" ]; then
+	export LDAP_SERVER=$(cat "$__object/parameter/ldap-server")
+fi
+
+if [ -f "$__object/parameter/ldap-bind-dn" ]; then
+	export LDAP_BIND_DN=$(cat "$__object/parameter/ldap-bind-dn")
+fi
+
+if [ -f "$__object/parameter/ldap-bind-password" ]; then
+	export LDAP_BIND_PASSWORD=$(cat "$__object/parameter/ldap-bind-password")
+fi
+
+if [ -f "$__object/parameter/ldap-user-dn-template" ]; then
+	export LDAP_USER_DN_TEMPLATE=$(cat "$__object/parameter/ldap-user-dn-template")
+fi
+
 # Create system user used to run netbox.
 __user netbox --system --home /opt/netbox --create-home
 
 # Generate and upload netbox configuration.
 mkdir -p "$__object/files"
 "$__type/files/configuration.py.sh" > "$__object/files/configuration.py"
+"$__type/files/ldap_config.py.sh" > "$__object/files/ldap_config.py"
 
 require="__user/netbox" __directory /opt/netbox/netbox/cdist --parents
 require="__directory/opt/netbox/netbox/cdist " __file \
 	/opt/netbox/netbox/cdist/configuration.py --mode 640 --owner netbox \
 	--source "$__object/files/configuration.py"
 
+if [ -f "$__object/parameter/ldap-server" ]; then
+	require="__directory/opt/netbox/netbox/cdist " __file \
+		/opt/netbox/netbox/cdist/ldap_config.py --mode 640 --owner netbox \
+		--source "$__object/files/ldap_config.py"
+fi
+
+
 # Upload systemd units and gunicorn configuration.
 for unit in netbox netbox-rq; do
 	__file /etc/systemd/system/$unit.service \

type/__netbox/parameter/optional

@@ -0,0 +1,4 @@
+ldap-server
+ldap-bind-dn
+ldap-bind-password
+ldap-user-dn-template