Netbox LDAP configuration is located here
-
Install requirements
Debian/Ubuntu:
sudo apt install -y libldap2-dev libsasl2-dev libssl-dev
CentOS:
sudo yum install -y openldap-devel python3-devel
-
Install django-auth-ldap
source /opt/netbox/venv/bin/activatepip3 install django-auth-ldap
-
Add package to local requirements
sudo sh -c "echo 'django-auth-ldap' >> /opt/netbox/local_requirements.txt"
-
Enable LDAP backend in configuration.py (default: /opt/netbox/netbox/netbox/configuration.py)
REMOTE_AUTH_BACKEND = 'netbox.authentication.LDAPBackend'
-
Create ldap_config.py file
touch /opt/netbox/netbox/netbox/ldap_config.py
-
Copy and modify the configuration below
import ldap
from django_auth_ldap.config import LDAPSearch, NestedGroupOfNamesType
# Server URI
AUTH_LDAP_SERVER_URI = "ldaps://lldap.example.com:6360"
# Connection options, if necessary
AUTH_LDAP_CONNECTION_OPTIONS = {
ldap.OPT_REFERRALS: 0 # Disable referral chasing if not needed
}
# Bind DN and password for the service account
AUTH_LDAP_BIND_DN = "uid=admin,ou=people,dc=example,dc=com"
AUTH_LDAP_BIND_PASSWORD = "ChangeMe!"
# Ignore certificate errors (for self-signed certificates)
LDAP_IGNORE_CERT_ERRORS = False # Only use in development or testing!
# Include this setting if you want to validate the LDAP server certificates against a CA certificate directory on your server
# Note that this is a NetBox-specific setting which sets:
# ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, LDAP_CA_CERT_DIR)
LDAP_CA_CERT_DIR = '/etc/ssl/certs'
# Include this setting if you want to validate the LDAP server certificates against your own CA.
# Note that this is a NetBox-specific setting which sets:
# ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, LDAP_CA_CERT_FILE)
LDAP_CA_CERT_FILE = '/path/to/example-CA.crt'
# User search configuration
AUTH_LDAP_USER_SEARCH = LDAPSearch(
"ou=people,dc=example,dc=com",
ldap.SCOPE_SUBTREE,
"(uid=%(user)s)"
)
# User DN template
AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,ou=people,dc=example,dc=com"
# Map LDAP attributes to Django user attributes
AUTH_LDAP_USER_ATTR_MAP = {
"username": "uid",
"email": "mail",
"first_name": "givenName",
"last_name": "sn",
}
# Group search configuration
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
"ou=groups,dc=example,dc=com",
ldap.SCOPE_SUBTREE,
"(objectClass=group)"
)
AUTH_LDAP_GROUP_TYPE = NestedGroupOfNamesType()
# Require users to be in a specific group to log in
AUTH_LDAP_REQUIRE_GROUP = "cn=netbox_users,ou=groups,dc=example,dc=com"
# Mirror LDAP group assignments
AUTH_LDAP_MIRROR_GROUPS = True
# Map LDAP groups to Django user flags
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
"is_superuser": "cn=netbox_admins,ou=groups,dc=example,dc=com"
}
# Find group permissions
AUTH_LDAP_FIND_GROUP_PERMS = True
# Cache group memberships to reduce LDAP traffic
AUTH_LDAP_CACHE_TIMEOUT = 3600
# Always update user information from LDAP on login
AUTH_LDAP_ALWAYS_UPDATE_USER = True
-
Restart netbox and netbox-rq
sudo systemctl restart netbox netbox-rq
-
Make logging directory
sudo mkdir -p /opt/netbox/local/logs/
-
Make log file
sudo touch /opt/netbox/local/logs/django-ldap-debug.log
-
Set permissions
sudo chown -R netbox:root /opt/netbox/local
-
Add the following to /opt/netbox/netbox/netbox/configuration.py
LOGGING = {
'version': 1,
'disable_existing_loggers': False,
'handlers': {
'netbox_auth_log': {
'level': 'DEBUG',
'class': 'logging.handlers.RotatingFileHandler',
'filename': '/opt/netbox/local/logs/django-ldap-debug.log',
'maxBytes': 1024 * 500,
'backupCount': 5,
},
},
'loggers': {
'django_auth_ldap': {
'handlers': ['netbox_auth_log'],
'level': 'DEBUG',
},
},
}