#
https://netboxlabs.com/docs/netbox/installation/ldap/
# sudo su -
# dnf install openldap-devel cyrus-sasl-devel openssl-devel python3-ldap
# source /opt/netbox/venv/bin/activate
(venv) [root@... bin]# pip3 install django-auth-ldap
(venv) [root@... bin]# sh -c "echo 'django-auth-ldap' >> /opt/netbox/local_requirements.txt"
# vi /opt/netbox/netbox/netbox/configuration.py
.....
# Authentication backend selection (configuration.py excerpt).
# REMOTE_AUTH_BACKEND names the NetBox LDAP backend; the remote-user header flow itself stays off.
# NOTE(review): whether the LDAP backend is active while REMOTE_AUTH_ENABLED is False depends on
# the NetBox release — verify against the linked installation docs before relying on it.
REMOTE_AUTH_ENABLED = False
REMOTE_AUTH_BACKEND = 'netbox.authentication.LDAPBackend'
# Header read by the remote-user flow only. It is only safe to enable that flow behind a proxy
# that sets this header itself and strips any client-supplied copy; it is disabled here.
REMOTE_AUTH_HEADER = 'HTTP_REMOTE_USER'
# Local accounts are created automatically for authenticated users, with no default groups
# or permissions — access comes from the LDAP group mappings in ldap_config.py.
REMOTE_AUTH_AUTO_CREATE_USER = True
REMOTE_AUTH_DEFAULT_GROUPS = []
REMOTE_AUTH_DEFAULT_PERMISSIONS = {}
.....
# Verbose logging for the LDAP backend, useful while bringing the integration up.
# DEBUG records bind DNs and search filters (which contain the login name) for every login
# attempt; lower the level to INFO once troubleshooting is finished.
LOGGING = {
"version": 1,
"disable_existing_loggers": False,
# Plain stream handler: output goes to the service's stdout/stderr (presumably the journal under systemd).
"handlers": {"console": {"class": "logging.StreamHandler"}},
"loggers": {"django_auth_ldap": {"level": "DEBUG", "handlers": ["console"]}},
}
.....
# vi /opt/netbox/netbox/netbox/ldap_config.py
# NetBox LDAP backend settings (django-auth-ldap). The AUTH_LDAP_* names are read by
# django-auth-ldap; the LDAP_* names are NetBox-specific and set python-ldap options.
import ldap
# LDAPSearchUnion is imported but not used below (handy if several search bases are needed later).
from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion, NestedGroupOfNamesType
# Server URI
# Port 3268 is the Active Directory global catalog. With a plain ldap:// URI and no STARTTLS,
# the service-account credentials below and every user's password travel unencrypted to the
# server; prefer ldaps:// (636/3269) or AUTH_LDAP_START_TLS = True where the domain controllers support it.
AUTH_LDAP_SERVER_URI = "ldap://local.domain:3268"
#AUTH_LDAP_SERVER_URI = "ldap://local.domain:389"
# The following may be needed if you are binding to Active Directory.
# Referral chasing is disabled; AD returns referrals that python-ldap cannot follow anonymously.
AUTH_LDAP_CONNECTION_OPTIONS = {
ldap.OPT_REFERRALS: 0
}
# Set the DN and password for the NetBox service account.
# "Insira_SENHA" is a placeholder ("insert password"). The real secret lives in this file in
# clear text, so keep ldap_config.py readable only by the account NetBox runs as, and use a
# low-privilege, read-only directory account for the bind.
AUTH_LDAP_BIND_DN = "CN=NETBOXAD,OU=usuarios,OU=GERAIS,DC=local,DC=domain"
AUTH_LDAP_BIND_PASSWORD = "Insira_SENHA"
# Include this setting if you want to ignore certificate errors. This might be needed to accept a self-signed cert.
# Note that this is a NetBox-specific setting which sets:
# ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
# Kept False: disabling certificate checks would let any host answering the URI capture the bind.
LDAP_IGNORE_CERT_ERRORS = False
# Include this setting if you want to validate the LDAP server certificates against a CA certificate directory on your server
# Note that this is a NetBox-specific setting which sets:
# ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, LDAP_CA_CERT_DIR)
# NOTE(review): the TLS settings here only matter on a TLS session (ldaps:// or STARTTLS);
# with the plain ldap:// URI above they are presumably inert — confirm.
LDAP_CA_CERT_DIR = '/etc/ssl/certs'
# Include this setting if you want to validate the LDAP server certificates against your own CA.
# Note that this is a NetBox-specific setting which sets:
# ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, LDAP_CA_CERT_FILE)
#LDAP_CA_CERT_FILE = '/path/to/example-CA.crt'
# This search matches users with the sAMAccountName equal to the provided username. This is required if the user's
# username is not in their DN (Active Directory).
# The filter also accepts the UPN form (user@domain). django-auth-ldap escapes the value
# substituted for %(user)s, so a crafted login name cannot change the filter's structure.
AUTH_LDAP_USER_SEARCH = LDAPSearch(
"OU=Usuarios,DC=local,DC=domain",
ldap.SCOPE_SUBTREE,
"(|(userPrincipalName=%(user)s)(sAMAccountName=%(user)s))"
)
# If a user's DN is producible from their username, we don't need to search.
AUTH_LDAP_USER_DN_TEMPLATE = None
# You can map user attributes to Django attributes as so.
AUTH_LDAP_USER_ATTR_MAP = {
"username": "sAMAccountName",
"email": "mail",
"first_name": "givenName",
"last_name": "sn",
}
# Look the local user up by the mapped username rather than by the DN.
AUTH_LDAP_USER_QUERY_FIELD = "username"
# This search ought to return all groups to which the user belongs. django_auth_ldap uses this to determine group
# hierarchy.
####AUTH_LDAP_GROUP_SEARCH = LDAPSearch( "CN=GrupoUSER,DC=local,DC=domain" )
# NOTE(review): the base below is the DN of a single group, not the container holding the
# groups, so with (objectClass=group) the search can only ever return GroupoAdmin itself.
# Membership in any other group — and therefore AUTH_LDAP_FIND_GROUP_PERMS mappings —
# would be invisible; confirm whether the base should be OU=Grupos,DC=local,DC=domain.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
"CN=GroupoAdmin,OU=Grupos,DC=local,DC=domain",
ldap.SCOPE_SUBTREE,
# ldap.SCOPE_ONELEVEL, <- account ended up inactive with this scope
"(objectClass=group)"
)
# Resolves nested (group-in-group) membership.
AUTH_LDAP_GROUP_TYPE = NestedGroupOfNamesType()
# Define a group required to login.
#AUTH_LDAP_REQUIRE_GROUP = "CN=GrupoUSER,DC=local,DC=domain"
# Mirror LDAP group assignments.
#AUTH_LDAP_MIRROR_GROUPS = True
# Define special user types using groups. Exercise great caution when assigning superuser status.
# NOTE(review): is_active and is_superuser point at the same group, so every account that can
# log in is also a superuser, and non-members are marked inactive. is_staff still carries the
# dc=example,dc=com DN from the upstream example, which presumably does not exist in this
# directory, so is_staff would be cleared for everyone — confirm both mappings.
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
"is_active": "CN=GroupoAdmin,OU=Grupos,DC=local,DC=domain",
"is_staff": "cn=staff,ou=groups,dc=example,dc=com",
"is_superuser": "CN=GroupoAdmin,OU=Grupos,DC=local,DC=domain"
}
# For more granular permissions, we can map LDAP groups to Django groups.
AUTH_LDAP_FIND_GROUP_PERMS = True
# Cache groups for one hour to reduce LDAP traffic
# Removal from a group may therefore take up to an hour to be reflected in group-derived access.
AUTH_LDAP_CACHE_TIMEOUT = 3600
# Refresh the mapped user attributes from the directory on every login.
AUTH_LDAP_ALWAYS_UPDATE_USER = True
# systemctl restart netbox.service
### Link
https://netboxlabs.com/docs/netbox/installation/ldap/
https://netboxlabs.com/docs/enterprise/enterprise-features/nbe-ldap/?focus=enterprise
### Tune PostgreSQL https://pgtune.leopard.in.ua/
# vi /var/lib/pgsql/data/postgresql.conf
# DB Version: 13
# OS Type: linux
# DB Type: web
# Total Memory (RAM): 8 GB
# CPUs num: 2
# Data Storage: ssd
max_connections = 200
shared_buffers = 2GB
effective_cache_size = 6GB
maintenance_work_mem = 512MB
checkpoint_completion_target = 0.9
wal_buffers = 16MB
default_statistics_target = 100
random_page_cost = 1.1
effective_io_concurrency = 200
work_mem = 10082kB
huge_pages = off
min_wal_size = 1GB
max_wal_size = 4GB
# systemctl restart postgresql.service