ldap: missing default values make configuration difficult #59

Closed
ThomasADavis opened this issue Oct 13, 2021 · 8 comments
@ThomasADavis
Contributor

You have to set a password for the LDAP access. In anonymous access, there is no need for a read-only connection to have a password. This is the mode we run our LDAP service as.

The chart errors out at:

[root@mouse-r13 netbox]# helm upgrade -n netbox netbox bootc/netbox -f ldap.yaml 
Error: UPGRADE FAILED: template: netbox/templates/secret.yaml:25:64: executing "netbox/templates/secret.yaml" at <b64enc>: invalid value; expected string
@ThomasADavis
Contributor Author

Oh, never mind. The clue is all fields in the ldap: section must be there; otherwise, the config is wrong.

@bootc
Member

bootc commented Oct 13, 2021

Actually, that's pretty sucky for users, so I'm reopening this to rework that. You're not the first person to be bitten by this.

@bootc bootc reopened this Oct 13, 2021
@bootc bootc self-assigned this Oct 13, 2021
@bootc bootc added the bug Something isn't working label Oct 13, 2021
@bootc bootc changed the title from "ldap anonymous access breaks secrets template" to "ldap: missing default values make configuration difficult" Oct 13, 2021
@ThomasADavis
Contributor Author

I did get it to work with anonymous access, and that's not documented either in the docker page.

@bootc
Member

bootc commented Nov 27, 2021

What did you need to do to enable anonymous access? Set the field to the empty string?

@bootc bootc added the more info More information required from the reporter label Nov 27, 2021
@bootc bootc added this to the 4.0 milestone Nov 27, 2021
@bootc
Member

bootc commented Nov 27, 2021

I should add this is mostly a duplicate of #41 aside from the anonymous access question.

@ThomasADavis
Contributor Author

This is what worked; but yes, both binddn and bindpw have to be defined, and empty - aka ''

remoteAuth:
  enabled: true
    #backend: netbox.authentication.RemoteUserBackend
  backend: netbox.authentication.LDAPBackend
  autoCreateUser: true
    # header: HTTP_REMOTE_USER
  defaultGroups: []
  defaultPermissions: {}
  ldap:
    serverUri: 'ldaps://ldapcrt.nersc.gov'
    startTls: false
    ignoreCertErrors: true
    bindDn: ''
    bindPassword: ''
    userDnTemplate: null
    userSearchBaseDn: 'ou=people,ou=nim-ldap,ou=Host,o=ldapsvc,dc=nersc,dc=gov'
    userSearchAttr: 'uid'
    groupSearchBaseDn: 'ou=PosixGroup,ou=nim-ldap,ou=Host,o=ldapsvc,dc=nersc,dc=gov'
    groupSearchClass: 'posixGroup'
    groupType: 'PosixGroupType'
    requireGroupDn: 'cn=staff,ou=PosixGroup,ou=nim-ldap,ou=Host,o=ldapsvc,dc=nersc,dc=gov'
    findGroupPerms: true
    mirrorGroups: true
    mirrorGroupsExcept: null
    cacheTimeout: 3600
    isAdminDn: 'cn=staff,ou=PosixGroup,ou=nim-ldap,ou=Host,o=ldapsvc,dc=nersc,dc=gov'
    isSuperUserDn: 'cn=otg,ou=PosixGroup,ou=nim-ldap,ou=Host,o=ldapsvc,dc=nersc,dc=gov'
    attrFirstName: 'givenName'
    attrLastName: 'sn'
    attrMail: 'mail'
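
Added example, not part of the thread and not the chart's own code: a stand-alone Go program that reproduces the `invalid value; expected string` failure reported above when `bindPassword` is omitted, and shows that it renders once the key is defined as `''` (the workaround in this comment) or is defaulted in the template. The two template lines, the simplified `default` helper, the `missingkey=zero` option and the sample values are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"fmt"
	"text/template"
)

// Hypothetical stand-ins for one line of a Secret template (not the chart's own).
const (
	StrictLine   = `{{ .Values.remoteAuth.ldap.bindPassword | b64enc }}`
	TolerantLine = `{{ .Values.remoteAuth.ldap.bindPassword | default "" | b64enc }}`
)

// b64enc accepts only a string, like the function named in the error above.
func b64enc(s string) string { return base64.StdEncoding.EncodeToString([]byte(s)) }

// dflt returns def when v is nil (key absent or null); simplified from Sprig's default.
func dflt(def string, v interface{}) interface{} {
	if v == nil {
		return def
	}
	return v
}

// Render executes one template line against the given remoteAuth.ldap values.
func Render(line string, ldap map[string]interface{}) (string, error) {
	funcs := template.FuncMap{"b64enc": b64enc, "default": dflt}
	t, err := template.New("secret.yaml").Funcs(funcs).Option("missingkey=zero").Parse(line)
	if err != nil {
		return "", err
	}
	values := map[string]interface{}{"Values": map[string]interface{}{
		"remoteAuth": map[string]interface{}{"ldap": ldap}}}
	var buf bytes.Buffer
	err = t.Execute(&buf, values)
	return buf.String(), err
}

func main() {
	// Constructed inputs: bindPassword omitted, then set to '' as in the working config.
	omitted := map[string]interface{}{"serverUri": "ldaps://ldap.example.org"}
	empty := map[string]interface{}{"bindDn": "", "bindPassword": ""}
	for _, c := range []map[string]interface{}{omitted, empty} {
		strict, err := Render(StrictLine, c)
		tolerant, _ := Render(TolerantLine, c)
		fmt.Printf("strict=%q err=%v tolerant=%q\n", strict, err, tolerant)
	}
}
```

An explicit `null` value fails the strict line the same way as an omitted key, because both reach `b64enc` as a nil value rather than a string.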

@bootc
Member

bootc commented Nov 27, 2021

Thanks, I'll get a documentation tweak into the README that says that.

@bootc bootc removed the more info More information required from the reporter label Nov 27, 2021
@bootc bootc added the pending Issue is in a branch waiting for a release label Nov 28, 2021
@bootc bootc closed this as completed in f1fe887 Nov 29, 2021
@bootc bootc removed the pending Issue is in a branch waiting for a release label Nov 29, 2021
@bootc
Member

bootc commented Nov 29, 2021

I've just released version 4.0.1 of this chart which resolves this issue.
