#!/bin/sh # no configuration if there are no ldap parameters if [ -z "$USE_LDAP" ]; then # skip cat << EOF ############################## # LDAP-backed authentication # ############################## # no options set EOF exit 0 fi cat << EOF ############################## # LDAP-backed authentication # ############################## import ldap from django_auth_ldap.config import LDAPSearch, PosixGroupType # Server URI AUTH_LDAP_SERVER_URI = "$LDAP_SERVER" # Set the DN and password for the NetBox service account. AUTH_LDAP_BIND_DN = "$LDAP_BIND_DN" AUTH_LDAP_BIND_PASSWORD = "$LDAP_BIND_PASSWORD" # Search for user entry. AUTH_LDAP_USER_SEARCH = LDAPSearch("$LDAP_USER_BASE", ldap.SCOPE_SUBTREE, "(uid=%(user)s)") # You can map user attributes to Django attributes as so. AUTH_LDAP_USER_ATTR_MAP = { "first_name": "givenName", "last_name": "sn", "email": "mail" } EOF if [ "$LDAP_GROUP_BASE" != "" ]; then cat << EOF # This search ought to return all groups to which the user belongs. django_auth_ldap uses this to determine group # hierarchy. AUTH_LDAP_GROUP_SEARCH = LDAPSearch("$LDAP_GROUP_BASE", ldap.SCOPE_SUBTREE, "(objectClass=posixGroup)") AUTH_LDAP_GROUP_TYPE = PosixGroupType() # Mirror LDAP group assignments. AUTH_LDAP_MIRROR_GROUPS = True # For more granular permissions, map LDAP groups to Django groups. AUTH_LDAP_FIND_GROUP_PERMS = True EOF if [ "$LDAP_REQUIRE_GROUP" != "" ]; then cat << EOF # Define a group required to login. AUTH_LDAP_REQUIRE_GROUP = "$LDAP_REQUIRE_GROUP" EOF fi cat << EOF # Define special user types using groups. Exercise great caution when assigning superuser status. AUTH_LDAP_USER_FLAGS_BY_GROUP = { EOF # superuser if [ "$LDAP_SUPERUSER_GROUP" != "" ]; then echo " \"is_superuser\": \"$LDAP_SUPERUSER_GROUP\"," fi # staff user if [ "$LDAP_STAFF_GROUP" != "" ]; then echo " \"is_staff\": \"$LDAP_STAFF_GROUP\"," fi echo "}" fi