develop-2.9-ldap doesn't use LDAP authentication #324

Closed
nakuna opened this issue Aug 19, 2020 · 9 comments
Labels
bug This issue describes a confirmed bug. pr There is a PR targeting this issue.
@nakuna

nakuna commented Aug 19, 2020

Current Behavior

Version develop-2.9-ldap doesn't use LDAP authentication.

Expected Behavior

Remote authentication and LDAPBackend should be enabled by default.

FIX

configuration.py:

+ REMOTE_AUTH_ENABLED="true"
+ REMOTE_AUTH_BACKEND="netbox.authentication.LDAPBackend"
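Review bot: REMOTE_AUTH_ENABLED="true" on the first added line assigns a string rather than a boolean. In Python any non-empty string is truthy, so wherever this setting is evaluated for truthiness the value "false" would enable remote authentication as well. Suggest the boolean literal instead: REMOTE_AUTH_ENABLED = True.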

Configuration Changes
https://netbox.readthedocs.io/en/develop-2.9/release-notes/

Debug Information

The command you used to start the project:

git clone -b release https://github.com/netbox-community/netbox-docker.git .
cp ../devnetbox0/docker-compose.override.yml .
export VERSION=develop-2.9-ldap
docker-compose pull netbox
docker-compose up -d 

docker-compose version:

docker-compose version 1.18.0, build 8dd22a9
docker-py version: 2.6.1
CPython version: 3.6.8
OpenSSL version: OpenSSL 1.0.2k-fips  26 Jan 2017

docker version:

Client:
 Version:         1.13.1
 API version:     1.26
 Package version: docker-1.13.1-161.git64e9980.el7_8.x86_64
 Go version:      go1.10.3
 Git commit:      64e9980/1.13.1
 Built:           Tue Apr 28 14:43:01 2020
 OS/Arch:         linux/amd64

Server:

 Version:         1.13.1
 API version:     1.26 (minimum version 1.12)
 Package version: docker-1.13.1-161.git64e9980.el7_8.x86_64
 Go version:      go1.10.3
 Git commit:      64e9980/1.13.1
 Built:           Tue Apr 28 14:43:01 2020
 OS/Arch:         linux/amd64
 Experimental:    false

git rev-parse HEAD:
e9a9d9b

docker inspect netboxcommunity/netbox:develop-2.9-ldap --format "{{json .Config.Labels}}":
{"BUILD_REASON":"netbox","NETBOX_GIT_BRANCH":"HEAD","NETBOX_GIT_REF":"27796bbd08fa4f3c741ef5ae278d3ce8e2107f85","NETBOX_GIT_URL":"https://github.com/netbox-community/netbox.git","ORIGINAL_TAG":"docker.io/netboxcommunity/netbox:develop-2.9-ldap","org.label-schema.build-date":"2020-06-23T05:48+00:00","org.label-schema.description":"A container based distribution of Netbox, the free and open IPAM and DCIM solution.","org.label-schema.name":"Netbox Docker","org.label-schema.schema-version":"1.0","org.label-schema.url":"https://github.com/netbox-community/netbox-docker","org.label-schema.usage":"https://github.com/netbox-community/netbox-docker/wiki","org.label-schema.vcs-ref":"e9a9d9b70bb1afaaeb4d120ce37263372f67c6af","org.label-schema.vcs-url":"https://github.com/netbox-community/netbox-docker.git","org.label-schema.vendor":"The netbox-docker contributors.","org.label-schema.version":"0.24.1","org.opencontainers.image.authors":"The netbox-docker contributors.","org.opencontainers.image.created":"2020-06-23T05:48+00:00","org.opencontainers.image.description":"A container based distribution of Netbox, the free and open IPAM and DCIM solution.","org.opencontainers.image.documentation":"https://github.com/netbox-community/netbox-docker/wiki","org.opencontainers.image.licenses":"Apache-2.0","org.opencontainers.image.revision":"e9a9d9b70bb1afaaeb4d120ce37263372f67c6af","org.opencontainers.image.source":"https://github.com/netbox-community/netbox-docker.git","org.opencontainers.image.title":"Netbox Docker","org.opencontainers.image.url":"https://github.com/netbox-community/netbox-docker","org.opencontainers.image.vendor":"The netbox-docker contributors.","org.opencontainers.image.version":"0.24.1"}

@ananace

ananace commented Sep 2, 2020

Just to note: still not working for the 2.9.0, 2.9.1, or 2.9.2 -ldap tags either.

@turin331

turin331 commented Sep 8, 2020

Same issue with all 2.9 ldap versions with this config for Active Directory:

version: "3.4"
services:
  nginx:
    ports:
     - 8000:8080
  netbox:
    image: netboxcommunity/netbox:${VERSION-latest-ldap}
    environment:
      AUTH_LDAP_SERVER_URI: "ldap://dc.local"
      AUTH_LDAP_BIND_DN: "CN=netbox,CN=Users,DC=dc,DC=local"
      AUTH_LDAP_BIND_PASSWORD: "mysecretpassword"
      AUTH_LDAP_USER_SEARCH_BASEDN: "CN=Users,DC=dc,DC=local"
      AUTH_LDAP_GROUP_SEARCH_BASEDN: "CN=Users,DC=dc,DC=local"
      AUTH_LDAP_REQUIRE_GROUP_DN: "CN=Netbox-User,CN=Users,DC=dc,DC=local"
      AUTH_LDAP_IS_ADMIN_DN: "CN=Netbox-User,CN=Users,DC=dc,DC=local"
      AUTH_LDAP_IS_SUPERUSER_DN: "CN=Netbox-User,CN=Users,DC=dc,DC=local"
      LDAP_IGNORE_CERT_ERRORS: "false"

@MaartenMol

Still not working with the v2.9.3-ldap tag. Any chance to fix this in the next image build?

@nakuna
Author

nakuna commented Sep 16, 2020

This is a quick fix for now. Add the following lines to configuration/configuration.py:

REMOTE_AUTH_ENABLED="true"
REMOTE_AUTH_BACKEND="netbox.authentication.LDAPBackend"
AUTH_USER_MODEL="auth.User"

Then

docker-compose down
docker-compose up -d

@nakuna
Author

nakuna commented Sep 16, 2020

This only works when I use local building, right?

Follow Getting-Started and LDAP instructions
https://github.com/netbox-community/netbox-docker/wiki/Getting-Started
https://github.com/netbox-community/netbox-docker/wiki/LDAP

e.g.

git clone -b release https://github.com/netbox-community/netbox-docker.git
cd netbox-docker
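# Quote the heredoc delimiter so ${VERSION-latest-ldap} is written literally
# instead of being expanded by the shell before VERSION is exported.
tee docker-compose.override.yml <<'EOF'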

version: "3.4"
services:
  nginx:
    ports:
    - 8000:8080
  netbox:
    image: netboxcommunity/netbox:${VERSION-latest-ldap}
    environment:
      AUTH_LDAP_SERVER_URI: "ldaps://domain.com"
      AUTH_LDAP_BIND_DN: "CN=Netbox,OU=EmbeddedDevices,OU=MyCompany,DC=domain,dc=com"
      AUTH_LDAP_BIND_PASSWORD: "TopSecretPassword"
      AUTH_LDAP_USER_SEARCH_BASEDN: "OU=MyCompany,DC=domain,dc=com"
      AUTH_LDAP_GROUP_SEARCH_BASEDN: "OU=SubGroups,OU=MyCompany,DC=domain,dc=com"
      AUTH_LDAP_REQUIRE_GROUP_DN: "CN=Netbox-User,OU=SoftwareGroups,OU=SubGroups,OU=MyCompany,DC=domain,dc=com"
      AUTH_LDAP_IS_ADMIN_DN: "CN=Network Configuration Operators,CN=Builtin,DC=domain,dc=com"
      AUTH_LDAP_IS_SUPERUSER_DN: "CN=Domain Admins,CN=Users,DC=domain,dc=com"
      LDAP_IGNORE_CERT_ERRORS: "false"

EOF

export VERSION=v2.9.3-ldap
docker-compose pull netbox

tee -a configuration/configuration.py <<EOF
REMOTE_AUTH_ENABLED="true"
REMOTE_AUTH_BACKEND="netbox.authentication.LDAPBackend"
AUTH_USER_MODEL="auth.User"
EOF

docker-compose up -d
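
Added example, not part of the thread and not netbox-docker code: a small pre-start lint for the settings posted above. It flags a string where a boolean is expected and an LDAP bind over a non-TLS URI. The function names and finding texts are hypothetical, and the sample input is constructed from values shown in this thread.

```python
# Hypothetical helper names; this is not NetBox or netbox-docker code.

def strict_bool(value):
    """Accept a real bool or the strings 'true'/'false'; reject anything else."""
    if isinstance(value, bool):
        return value
    text = str(value).strip().lower()
    if text in ("true", "false"):
        return text == "true"
    raise ValueError(f"not a boolean: {value!r}")


def audit(settings, env):
    """Return findings for configuration.py settings and compose env vars."""
    findings = []
    enabled = settings.get("REMOTE_AUTH_ENABLED", False)
    if not isinstance(enabled, bool):
        # bool("false") is True: any non-empty string passes a truthiness check.
        findings.append(
            f"REMOTE_AUTH_ENABLED is the string {enabled!r}; use True or False")
    backend = settings.get("REMOTE_AUTH_BACKEND")
    if strict_bool(enabled) and backend != "netbox.authentication.LDAPBackend":
        findings.append("REMOTE_AUTH_BACKEND is not netbox.authentication.LDAPBackend")
    uri = env.get("AUTH_LDAP_SERVER_URI", "")
    if uri.lower().startswith("ldap://") and env.get("AUTH_LDAP_BIND_PASSWORD"):
        # A simple bind over ldap:// is unencrypted unless StartTLS is set up separately.
        findings.append("bind password goes to an ldap:// URI; prefer ldaps://")
    if strict_bool(env.get("LDAP_IGNORE_CERT_ERRORS", "false")):
        findings.append("LDAP_IGNORE_CERT_ERRORS is true; server certificate is not verified")
    return findings


# Constructed sample input, modelled on the values posted in this thread.
SETTINGS = {
    "REMOTE_AUTH_ENABLED": "true",
    "REMOTE_AUTH_BACKEND": "netbox.authentication.LDAPBackend",
}
ENV = {
    "AUTH_LDAP_SERVER_URI": "ldap://dc.local",
    "AUTH_LDAP_BIND_PASSWORD": "mysecretpassword",
    "LDAP_IGNORE_CERT_ERRORS": "false",
}

if __name__ == "__main__":
    for finding in audit(SETTINGS, ENV):
        print("WARN:", finding)
```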

@herbetom

I proposed to add the two needed vars in #339, which allows configuring those with Docker environment vars. This isn't the solution I would like, but it is a "quick" fix.

I personally would prefer that the netbox-ldap images are built with the needed defaults. But that would require a bit more digging into how this could be done.

@mscbpi

mscbpi commented Oct 8, 2020

I confirm LDAP does not work in 2.9.4 image. Need to modify configuration.py.

@herbetom

#310 got merged into the develop branch a few days ago. When the changes reach the release branch (currently not yet the case), it is possible to fill the necessary options for LDAP via environment variables. This makes manual editing of the configuration.py unnecessary.

The big question now is when the next release will be available.

@cimnine cimnine added this to the 0.26.0 milestone Oct 26, 2020
@cimnine cimnine added bug This issue describes a confirmed bug. pr There is a PR targeting this issue. labels Oct 26, 2020
@cimnine
Collaborator

cimnine commented Oct 26, 2020

Netbox Docker 0.26.0 was just released which addresses this issue.

@cimnine cimnine closed this as completed Oct 26, 2020
7 participants