diff --git a/charts/netbox/templates/_helpers.tpl b/charts/netbox/templates/_helpers.tpl
index 5dc2b36..7f0f984 100644
--- a/charts/netbox/templates/_helpers.tpl
+++ b/charts/netbox/templates/_helpers.tpl
@@ -136,6 +136,7 @@ Compile all warnings into a single message.
 {{- define "netbox.validateValues" -}}
 {{- $messages := list -}}
 {{- $messages := append $messages (include "netbox.validateValues.postgresql" .) -}}
+{{- $messages := append $messages (include "netbox.validateValues.ldap" .) -}}
 {{- $messages := without $messages "" -}}
 {{- $message := join "\n" $messages -}}
 {{- if $message -}}
@@ -157,3 +158,14 @@ netbox: postgresql
 externalDatabase.port=DB_SERVER_PORT
 {{- end -}}
 {{- end -}}
+
+{{/*
+Validate values of Netbox Chart - LDAP
+*/}}
+{{- define "netbox.validateValues.ldap" -}}
+{{- if and (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backends) (or (empty .Values.remoteAuth.ldap.serverUri) (empty .Values.remoteAuth.ldap.bindDn)) -}}
+netbox: remoteAuth.ldap
+ When LDAP backend is activated, you must provide all the necessary parameters.
+ Review the values under `remoteAuth.ldap`.
+{{- end -}}
+{{- end -}}
diff --git a/charts/netbox/values.schema.json b/charts/netbox/values.schema.json
index 5013473..675dbf9 100644
--- a/charts/netbox/values.schema.json
+++ b/charts/netbox/values.schema.json
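Review bot: The `empty` checks in `netbox.validateValues.ldap` cannot fire against the chart's own defaults, because the values.yaml hunk of this same commit now ships non-empty placeholders (`serverUri: ldap://example.com` and a `bindDn` under `DC=example,dc=com`). An operator who only adds `netbox.authentication.LDAPBackend` to `remoteAuth.backends` therefore passes validation and gets a release configured against the placeholder directory instead of the warning. Defaulting the two keys to `serverUri: ""` and `bindDn: ""` in values.yaml would make the guard effective. The bind credential is not checked either, presumably because it may come from the existing secret key `ldap_bind_password`; a template comment such as `{{/* bindPassword is not validated: it may be supplied via an existing secret */}}` would record that.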
@@ -988,6 +988,87 @@
 },
 "userLastName": {
 "type": "string"
+ },
+ "ldap": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "serverUri": {
+ "type": "string"
+ },
+ "startTls": {
+ "type": "boolean"
+ },
+ "ignoreCertErrors": {
+ "type": "boolean"
+ },
+ "caCertData": {
+ "type": "string"
+ },
+ "bindDn": {
+ "type": "string"
+ },
+ "bindPassword": {
+ "type": "string"
+ },
+ "userDnTemplate": {
+ "type": "null"
+ },
+ "userSearchBaseDn": {
+ "type": "string"
+ },
+ "userSearchAttr": {
+ "type": "string"
+ },
+ "groupSearchBaseDn": {
+ "type": "string"
+ },
+ "groupSearchClass": {
+ "type": "string"
+ },
+ "groupType": {
+ "type": "string"
+ },
+ "requireGroupDn": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "isAdminDn": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "isSuperUserDn": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "findGroupPerms": {
+ "type": "boolean"
+ },
+ "mirrorGroups": {
+ "type": "boolean"
+ },
+ "mirrorGroupsExcept": {
+ "type": "null"
+ },
+ "cacheTimeout": {
+ "type": "integer"
+ },
+ "attrFirstName": {
+ "type": "string"
+ },
+ "attrLastName": {
+ "type": "string"
+ },
+ "attrMail": {
+ "type": "string"
+ }
+ }
 }
 },
 "type": "object"
diff --git a/charts/netbox/values.yaml b/charts/netbox/values.yaml
index bfc285c..6a2b8c5 100644
--- a/charts/netbox/values.yaml
+++ b/charts/netbox/values.yaml
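Review bot: `userDnTemplate` and `mirrorGroupsExcept` are declared as `"type": "null"`, so any non-null value fails schema validation and neither option can be set through the chart. If they feed the django-auth-ldap user DN template and the mirror-groups exception list (the consuming template is not in this diff), they should accept the real type as well: `"type": ["string", "null"]` for `userDnTemplate`, and `"type": ["array", "null"], "items": { "type": "string" }` for `mirrorGroupsExcept`. Since `ignoreCertErrors` disables certificate verification for the directory connection, a `"description"` on that property stating so would help anyone reading the schema.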
@@ -378,37 +378,33 @@ remoteAuth:
 # The following options are specific for backend "netbox.authentication.LDAPBackend"
 # you can use an existing netbox secret with "ldap_bind_password" instead of "bindPassword"
 # see https://django-auth-ldap.readthedocs.io
- #
- # When enabling LDAP support please see "Using LDAP Authentication" in README.md and
- # uncomment ALL of the configuration settings below, or your configuration will be invalid.
- #
- # ldap:
- # serverUri: 'ldap://domain.com'
- # startTls: true
- # ignoreCertErrors: false
- # caCertData: ''
- # bindDn: 'CN=Netbox,OU=EmbeddedDevices,OU=MyCompany,DC=domain,dc=com'
- # bindPassword: 'TopSecretPassword'
- # userDnTemplate: null
- # userSearchBaseDn: 'OU=Users,OU=MyCompany,DC=domain,dc=com'
- # userSearchAttr: 'sAMAccountName'
- # groupSearchBaseDn: 'OU=Groups,OU=MyCompany,DC=domain,dc=com'
- # groupSearchClass: 'group'
- # groupType: 'GroupOfNamesType'
- # requireGroupDn:
- # - 'CN=Network Configuration Operators,CN=Builtin,DC=domain,dc=com'
- # - 'CN=Domain Admins,CN=Users,DC=domain,dc=com'
- # isAdminDn:
- # - 'CN=Domain Admins,CN=Users,DC=domain,dc=com'
- # isSuperUserDn:
- # - 'CN=Domain Admins,CN=Users,DC=domain,dc=com'
- # findGroupPerms: true
- # mirrorGroups: true
- # mirrorGroupsExcept: null
- # cacheTimeout: 3600
- # attrFirstName: 'givenName'
- # attrLastName: 'sn'
- # attrMail: 'mail'
+ ldap:
+ serverUri: ldap://example.com
+ startTls: true
+ ignoreCertErrors: false
+ caCertData: ""
+ bindDn: CN=Netbox,OU=EmbeddedDevices,OU=MyCompany,DC=example,dc=com
+ bindPassword: ""
+ userDnTemplate: null
+ userSearchBaseDn: OU=Users,OU=MyCompany,DC=example,dc=com
+ userSearchAttr: sAMAccountName
+ groupSearchBaseDn: OU=Groups,OU=MyCompany,DC=example,dc=com
+ groupSearchClass: group
+ groupType: GroupOfNamesType
+ requireGroupDn:
+ - CN=Network Configuration Operators,CN=Builtin,DC=example,dc=com
+ - CN=Domain Admins,CN=Users,DC=example,dc=com
+ isAdminDn:
+ - CN=Domain Admins,CN=Users,DC=example,dc=com
+ isSuperUserDn:
+ - CN=Domain Admins,CN=Users,DC=example,dc=com
+ findGroupPerms: true
+ mirrorGroups: true
+ mirrorGroupsExcept: null
+ cacheTimeout: 3600
+ attrFirstName: givenName
+ attrLastName: sn
+ attrMail: mail
 releaseCheck:
 # This repository is used to check whether there is a new release of NetBox
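Review bot: The authorization lists `requireGroupDn`, `isAdminDn` and `isSuperUserDn` are now live defaults holding example group DNs, where before they were commented-out samples. Helm deep-merges maps, so an operator who overrides only the connection settings silently keeps the `DC=example,dc=com` entries as the login gate and the admin/superuser mapping. That most likely locks everyone out rather than over-granting, but who becomes a NetBox superuser should be an explicit choice. I would default them to `requireGroupDn: []`, `isAdminDn: []` and `isSuperUserDn: []` (assuming the templates treat an empty list as unset; they are not in this diff) and keep the sample DNs as comments. The removed pointer to "Using LDAP Authentication" in README.md is also worth keeping as a comment above `ldap:`.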