Jonathon Reinhart edited this page Feb 13, 2022 · 20 revisions

The images tagged with "-ldap" contain all the necessary dependencies to authenticate against an LDAP or Active Directory server. The default configuration ldap_config.py is prepared for use with an Active Directory server. Custom values can be injected using environment variables, similar to the main configuration mechanisms.

LDAP configuration is handled by the Django LDAP module (django-auth-ldap).

Note that changing configuration/ldap_config.py is strongly discouraged. The NetBox container reports barely any Python errors.

NetBox v2.9 and above

NetBox 2.9 changed the behaviour of remote authentication. For LDAP to work, these settings are required in the configuration.py file:

REMOTE_AUTH_ENABLED = True
REMOTE_AUTH_BACKEND = 'netbox.authentication.LDAPBackend'

Override example

Among other mechanisms, you can use docker-compose.override.yml to inject the necessary variables.

Don't forget that the netbox-worker and netbox-housekeeping services should use the same image. See this issue.

Example override file for Active Directory

version: "3.4"
services:
  netbox:
    image: &NetboxImage netboxcommunity/netbox:${VERSION-latest-ldap}
    environment:
      AUTH_LDAP_SERVER_URI: "ldaps://domain.com"
      AUTH_LDAP_BIND_DN: "CN=Netbox,OU=EmbeddedDevices,OU=MyCompany,DC=domain,dc=com"
      AUTH_LDAP_BIND_PASSWORD: "TopSecretPassword"
      AUTH_LDAP_USER_SEARCH_BASEDN: "OU=MyCompany,DC=domain,dc=com"
      AUTH_LDAP_GROUP_SEARCH_BASEDN: "OU=SubGroups,OU=MyCompany,DC=domain,dc=com"
      AUTH_LDAP_REQUIRE_GROUP_DN: "CN=Netbox-User,OU=SoftwareGroups,OU=SubGroups,OU=MyCompany,DC=domain,dc=com"
      AUTH_LDAP_IS_ADMIN_DN: "CN=Network Configuration Operators,CN=Builtin,DC=domain,dc=com"
      AUTH_LDAP_IS_SUPERUSER_DN: "CN=Domain Admins,CN=Users,DC=domain,dc=com"
      LDAP_IGNORE_CERT_ERRORS: "false"
  netbox-worker:
    image: *NetboxImage
  netbox-housekeeping:
    image: *NetboxImage

Example override file for OpenLDAP

Remember to change AUTH_LDAP_GROUP_TYPE to the proper value.

version: "3.4"
services:
  netbox:
    image: &NetboxImage netboxcommunity/netbox:${VERSION-latest-ldap}
    environment:
      AUTH_LDAP_SERVER_URI: "ldaps://domain.com"
      AUTH_LDAP_BIND_DN: "cn=netbox,ou=services,dc=domain,dc=com"
      AUTH_LDAP_BIND_PASSWORD: "TopSecretPassword"
      AUTH_LDAP_USER_SEARCH_BASEDN: "ou=people,dc=domain,dc=com"
      AUTH_LDAP_GROUP_SEARCH_BASEDN: "ou=groups,dc=domain,dc=com"
      AUTH_LDAP_REQUIRE_GROUP_DN: "cn=netbox" # or "cn=netbox,ou=groups,dc=domain,dc=com"
      AUTH_LDAP_IS_ADMIN_DN: "cn=netbox-admins,ou=groups,dc=domain,dc=com"
      AUTH_LDAP_IS_SUPERUSER_DN: "cn=netbox-superusers,ou=groups,dc=domain,dc=com"
      AUTH_LDAP_USER_SEARCH_ATTR: "uid"
      AUTH_LDAP_GROUP_SEARCH_CLASS: "groupOfUniqueNames"
      AUTH_LDAP_GROUP_TYPE: "GroupOfUniqueNamesType"
      AUTH_LDAP_ATTR_LASTNAME: "sn"
      AUTH_LDAP_ATTR_FIRSTNAME: "givenName"
      LDAP_IGNORE_CERT_ERRORS: "false"
  netbox-worker:
    image: *NetboxImage
  netbox-housekeeping:
    image: *NetboxImage
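
A preflight check for the environment blocks shown above, as an added example that is not part of the original wiki page or the netbox-docker project: it flags a non-ldaps:// URI, certificate checks not explicitly left on, the sample bind password, malformed DNs, and a superuser group identical to the required login group. The function names, the choice of checks, and the sample mapping are assumptions made for illustration.

```python
from urllib.parse import urlparse

REQUIRED = ("AUTH_LDAP_SERVER_URI", "AUTH_LDAP_BIND_DN", "AUTH_LDAP_BIND_PASSWORD",
            "AUTH_LDAP_USER_SEARCH_BASEDN", "AUTH_LDAP_GROUP_SEARCH_BASEDN")
DN_VARS = ("AUTH_LDAP_BIND_DN", "AUTH_LDAP_USER_SEARCH_BASEDN",
           "AUTH_LDAP_GROUP_SEARCH_BASEDN", "AUTH_LDAP_REQUIRE_GROUP_DN",
           "AUTH_LDAP_IS_ADMIN_DN", "AUTH_LDAP_IS_SUPERUSER_DN")
SAMPLE_PASSWORD = "TopSecretPassword"  # placeholder used in the examples on this page

def looks_like_dn(value):
    """Loose syntax check: every comma-separated part is attr=value (escaped commas not handled)."""
    return all(a.strip() and v.strip()
               for a, _, v in (part.partition("=") for part in value.split(",")))

def norm(dn):
    """Case- and whitespace-insensitive form for comparing two DNs."""
    return ",".join(p.strip().lower() for p in dn.split(","))

def audit_ldap_env(env):
    """Return a list of (variable, problem) tuples for an environment mapping."""
    findings = [(n, "missing or empty") for n in REQUIRED if not env.get(n)]
    uri = env.get("AUTH_LDAP_SERVER_URI", "")
    if uri and urlparse(uri).scheme != "ldaps":
        findings.append(("AUTH_LDAP_SERVER_URI", "not an ldaps:// URI"))
    if env.get("LDAP_IGNORE_CERT_ERRORS", "").lower() != "false":
        findings.append(("LDAP_IGNORE_CERT_ERRORS", 'not explicitly "false"'))
    if env.get("AUTH_LDAP_BIND_PASSWORD") == SAMPLE_PASSWORD:
        findings.append(("AUTH_LDAP_BIND_PASSWORD", "still the sample password"))
    for n in DN_VARS:
        if env.get(n) and not looks_like_dn(env[n]):
            findings.append((n, "does not look like a DN"))
    required, superuser = env.get("AUTH_LDAP_REQUIRE_GROUP_DN"), env.get("AUTH_LDAP_IS_SUPERUSER_DN")
    if required and superuser and norm(required) == norm(superuser):
        findings.append(("AUTH_LDAP_IS_SUPERUSER_DN", "same group as AUTH_LDAP_REQUIRE_GROUP_DN"))
    return findings

# Constructed sample: the Active Directory example above with weak values swapped in.
WEAK_ENV = {
    "AUTH_LDAP_SERVER_URI": "ldap://domain.com",
    "AUTH_LDAP_BIND_DN": "CN=Netbox,OU=EmbeddedDevices,OU=MyCompany,DC=domain,dc=com",
    "AUTH_LDAP_BIND_PASSWORD": "TopSecretPassword",
    "AUTH_LDAP_USER_SEARCH_BASEDN": "OU=MyCompany,DC=domain,dc=com",
    "AUTH_LDAP_REQUIRE_GROUP_DN": "CN=Netbox-User,OU=SoftwareGroups,OU=SubGroups,OU=MyCompany,DC=domain,dc=com",
    "AUTH_LDAP_IS_SUPERUSER_DN": "cn=netbox-user, OU=SoftwareGroups,OU=SubGroups,OU=MyCompany,DC=domain,dc=com",
    "LDAP_IGNORE_CERT_ERRORS": "true",
}
if __name__ == "__main__":
    for var, problem in audit_ldap_env(WEAK_ENV):
        print(f"{var}: {problem}")
```

Pass it the `environment` mapping from the override file, or `os.environ` inside the container, before starting the stack; an empty list means none of these checks fired.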