-
Notifications
You must be signed in to change notification settings - Fork 38
/
nautobot_config.py.ldap
96 lines (74 loc) · 2.98 KB
/
nautobot_config.py.ldap
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
"""Nautobot development configuration file."""
# pylint: disable=invalid-envvar-default
import os
import sys
from nautobot.core.settings import * # noqa: F403 # pylint: disable=wildcard-import,unused-wildcard-import
from nautobot.core.settings_funcs import parse_redis_connection, is_truthy
#
# Debug
#
DEBUG = is_truthy(os.getenv("NAUTOBOT_DEBUG", False))
TESTING = len(sys.argv) > 1 and sys.argv[1] == "test"
#
# Redis
#
# The django-redis cache is used to establish concurrent locks using Redis.
#
CACHES = {
"default": {
"BACKEND": "django_redis.cache.RedisCache",
"LOCATION": parse_redis_connection(redis_database=0),
"TIMEOUT": 300,
"OPTIONS": {
"CLIENT_CLASS": "django_redis.client.DefaultClient",
},
}
}
# Redis Cacheops
CACHEOPS_REDIS = parse_redis_connection(redis_database=1)
#
# Celery settings are not defined here because they can be overloaded with
# environment variables. By default they use `CACHES["default"]["LOCATION"]`.
#
# Enable installed plugins. Add the name of each plugin to the list.
PLUGINS = ["nautobot_example_plugin"]
# Plugins configuration settings. These settings are used by various plugins that the user may have installed.
# Each key in the dictionary is the name of an installed plugin and its value is a dictionary of settings.
PLUGINS_CONFIG = {
"nautobot_example_plugin": {},
}
#########################
# #
# LDAP Settings #
# #
#########################
AUTHENTICATION_BACKENDS = [
'django_auth_ldap.backend.LDAPBackend',
'nautobot.core.authentication.ObjectPermissionBackend',
]
import ldap
# Server URI
AUTH_LDAP_SERVER_URI = os.getenv("NAUTOBOT_AUTH_LDAP_SERVER_URI")
# The following may be needed if you are binding to Active Directory.
AUTH_LDAP_CONNECTION_OPTIONS = {
ldap.OPT_REFERRALS: 0
}
# Set the DN and password for the Nautobot service account.
AUTH_LDAP_BIND_DN = os.getenv("NAUTOBOT_AUTH_LDAP_BIND_DN", "CN=NAUTOBOTSA,OU=Service Accounts,DC=example,DC=com")
AUTH_LDAP_BIND_PASSWORD = os.getenv("NAUTOBOT_AUTH_LDAP_BIND_PASSWORD")
# Include this `ldap.set_option` call if you want to ignore certificate errors. This might be needed to accept a self-signed cert.
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
from django_auth_ldap.config import LDAPSearch
# This search matches users with the sAMAccountName equal to the provided username. This is required if the user's
# username is not in their DN (Active Directory).
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=Users,dc=example,dc=com",
ldap.SCOPE_SUBTREE,
"(sAMAccountName=%(user)s)")
# If a user's DN is producible from their username, we don't need to search.
AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,ou=users,dc=example,dc=com"
# You can map user attributes to Django attributes as so.
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "givenName",
"last_name": "sn",
"email": "mail"
}