Skip to content

Commit

Permalink
Make LDAP values available per default
Browse files Browse the repository at this point in the history
  • Loading branch information
LeoColomb committed Oct 30, 2024
1 parent 4617a29 commit a081146
Show file tree
Hide file tree
Showing 3 changed files with 120 additions and 31 deletions.
12 changes: 12 additions & 0 deletions charts/netbox/templates/_helpers.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -136,6 +136,7 @@ Compile all warnings into a single message.
{{- define "netbox.validateValues" -}}
{{- $messages := list -}}
{{- $messages := append $messages (include "netbox.validateValues.postgresql" .) -}}
{{- $messages := append $messages (include "netbox.validateValues.ldap" .) -}}
{{- $messages := without $messages "" -}}
{{- $message := join "\n" $messages -}}
{{- if $message -}}
Expand All @@ -157,3 +158,14 @@ netbox: postgresql
externalDatabase.port=DB_SERVER_PORT
{{- end -}}
{{- end -}}

{{/*
Validate values of Netbox Chart - LDAP
*/}}
{{- define "netbox.validateValues.ldap" -}}
{{- if and (has "netbox.authentication.LDAPBackend" .Values.remoteAuth.backends) (or (empty .Values.remoteAuth.ldap.serverUri) (empty .Values.remoteAuth.ldap.bindDn)) -}}
netbox: remoteAuth.ldap
When LDAP backend is activated, you must provide all the necessary parameters.
Review the values under `remoteAuth.ldap`.
{{- end -}}
{{- end -}}
81 changes: 81 additions & 0 deletions charts/netbox/values.schema.json
Original file line number Diff line number Diff line change
Expand Up @@ -991,6 +991,87 @@
},
"userLastName": {
"type": "string"
},
"ldap": {
"type": "object",
"additionalProperties": false,
"properties": {
"serverUri": {
"type": "string"
},
"startTls": {
"type": "boolean"
},
"ignoreCertErrors": {
"type": "boolean"
},
"caCertData": {
"type": "string"
},
"bindDn": {
"type": "string"
},
"bindPassword": {
"type": "string"
},
"userDnTemplate": {
"type": "null"
},
"userSearchBaseDn": {
"type": "string"
},
"userSearchAttr": {
"type": "string"
},
"groupSearchBaseDn": {
"type": "string"
},
"groupSearchClass": {
"type": "string"
},
"groupType": {
"type": "string"
},
"requireGroupDn": {
"type": "array",
"items": {
"type": "string"
}
},
"isAdminDn": {
"type": "array",
"items": {
"type": "string"
}
},
"isSuperUserDn": {
"type": "array",
"items": {
"type": "string"
}
},
"findGroupPerms": {
"type": "boolean"
},
"mirrorGroups": {
"type": "boolean"
},
"mirrorGroupsExcept": {
"type": "null"
},
"cacheTimeout": {
"type": "integer"
},
"attrFirstName": {
"type": "string"
},
"attrLastName": {
"type": "string"
},
"attrMail": {
"type": "string"
}
}
}
},
"type": "object"
Expand Down
58 changes: 27 additions & 31 deletions charts/netbox/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -378,37 +378,33 @@ remoteAuth:
# The following options are specific for backend "netbox.authentication.LDAPBackend"
# you can use an existing netbox secret with "ldap_bind_password" instead of "bindPassword"
# see https://django-auth-ldap.readthedocs.io
#
# When enabling LDAP support please see "Using LDAP Authentication" in README.md and
# uncomment ALL of the configuration settings below, or your configuration will be invalid.
#
# ldap:
# serverUri: 'ldap://domain.com'
# startTls: true
# ignoreCertErrors: false
# caCertData: ''
# bindDn: 'CN=Netbox,OU=EmbeddedDevices,OU=MyCompany,DC=domain,dc=com'
# bindPassword: 'TopSecretPassword'
# userDnTemplate: null
# userSearchBaseDn: 'OU=Users,OU=MyCompany,DC=domain,dc=com'
# userSearchAttr: 'sAMAccountName'
# groupSearchBaseDn: 'OU=Groups,OU=MyCompany,DC=domain,dc=com'
# groupSearchClass: 'group'
# groupType: 'GroupOfNamesType'
# requireGroupDn:
# - 'CN=Network Configuration Operators,CN=Builtin,DC=domain,dc=com'
# - 'CN=Domain Admins,CN=Users,DC=domain,dc=com'
# isAdminDn:
# - 'CN=Domain Admins,CN=Users,DC=domain,dc=com'
# isSuperUserDn:
# - 'CN=Domain Admins,CN=Users,DC=domain,dc=com'
# findGroupPerms: true
# mirrorGroups: true
# mirrorGroupsExcept: null
# cacheTimeout: 3600
# attrFirstName: 'givenName'
# attrLastName: 'sn'
# attrMail: 'mail'
ldap:
serverUri: ldap://example.com
startTls: true
ignoreCertErrors: false
caCertData: ""
bindDn: CN=Netbox,OU=EmbeddedDevices,OU=MyCompany,DC=example,dc=com
bindPassword: ""
userDnTemplate: null
userSearchBaseDn: OU=Users,OU=MyCompany,DC=example,dc=com
userSearchAttr: sAMAccountName
groupSearchBaseDn: OU=Groups,OU=MyCompany,DC=example,dc=com
groupSearchClass: group
groupType: GroupOfNamesType
requireGroupDn:
- CN=Network Configuration Operators,CN=Builtin,DC=example,dc=com
- CN=Domain Admins,CN=Users,DC=example,dc=com
isAdminDn:
- CN=Domain Admins,CN=Users,DC=example,dc=com
isSuperUserDn:
- CN=Domain Admins,CN=Users,DC=example,dc=com
findGroupPerms: true
mirrorGroups: true
mirrorGroupsExcept: null
cacheTimeout: 3600
attrFirstName: givenName
attrLastName: sn
attrMail: mail

releaseCheck:
# This repository is used to check whether there is a new release of NetBox
Expand Down

0 comments on commit a081146

Please sign in to comment.