
LDAP Auth Not Working As Expected #993

@pts-jeffreyjewitt

Description

Current Behavior

Started a fresh 3.4.8 container with docker compose.
Set the LDAP variables as per: https://github.com/netbox-community/netbox-docker/wiki/LDAP
Added Caddy for TLS security.

Try to log in, cannot.

AD account known good with a prior version of netbox (<3.x).
AD account not locked out.

Expected Behavior

I expected that when I try to log in with an LDAP account, I can log in.

Docker Compose Version

Docker Compose version v2.3.3

Docker Version

Client: Docker Engine - Community
 Version:           23.0.4
 API version:       1.42
 Go version:        go1.19.8
 Git commit:        f480fb1
 Built:             Fri Apr 14 10:32:04 2023
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          23.0.4
  API version:      1.42 (minimum version 1.12)
  Go version:       go1.19.8
  Git commit:       cbce331
  Built:            Fri Apr 14 10:32:04 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.20
  GitCommit:        2806fc1057397dbaeefbea0e4e17bddfbd388f38
 runc:
  Version:          1.1.5
  GitCommit:        v1.1.5-0-gf19387a
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

The git Revision

61a3afb

The git Status

On branch release
Your branch is up to date with 'origin/release'.

Startup Command

docker compose up / docker compose start

NetBox Logs

docker logs 515de00833fe
↩️ Skip creating the superuser
🧬 loaded config '/etc/netbox/config/configuration.py'
🧬 loaded config '/etc/netbox/config/extra.py'
🧬 loaded config '/etc/netbox/config/logging.py'
🧬 loaded config '/etc/netbox/config/plugins.py'
✅ Initialisation is done.
⏳ Waiting for control socket to be created... (1/10)
2023/04/24 16:25:01 [warn] 7#7 Unit is running unprivileged, then it cannot use arbitrary user and group.
2023/04/24 16:25:01 [info] 7#7 unit 1.29.1 started
2023/04/24 16:25:01 [info] 22#22 discovery started
2023/04/24 16:25:01 [notice] 22#22 module: python 3.10.4 "/usr/lib/unit/modules/python3.10.unit.so"
2023/04/24 16:25:01 [info] 7#7 controller started
2023/04/24 16:25:01 [notice] 7#7 process 22 exited with code 0
2023/04/24 16:25:01 [info] 24#24 router started
2023/04/24 16:25:01 [info] 24#24 OpenSSL 3.0.2 15 Mar 2022, 30000020
⚙️ Applying configuration from /etc/unit/nginx-unit.json
2023/04/24 16:25:02 [info] 28#28 "netbox" prototype started
2023/04/24 16:25:02 [info] 29#29 "netbox" application started
🧬 loaded config '/etc/netbox/config/configuration.py'
🧬 loaded config '/etc/netbox/config/extra.py'
🧬 loaded config '/etc/netbox/config/logging.py'
🧬 loaded config '/etc/netbox/config/plugins.py'
2023/04/24 16:25:06 [info] 38#38 "netbox" application started
✅ Unit configuration loaded successfully
2023/04/24 16:25:06 [notice] 7#7 process 20 exited with code 0
🧬 loaded config '/etc/netbox/config/configuration.py'
🧬 loaded config '/etc/netbox/config/extra.py'
🧬 loaded config '/etc/netbox/config/logging.py'
🧬 loaded config '/etc/netbox/config/plugins.py'
127.0.0.1 - - [24/Apr/2023:16:25:14 +0000] "GET /api/ HTTP/1.1" 200 469 "-" "curl/7.81.0"
127.0.0.1 - - [24/Apr/2023:16:25:28 +0000] "GET /api/ HTTP/1.1" 200 469 "-" "curl/7.81.0"
127.0.0.1 - - [24/Apr/2023:16:25:41 +0000] "GET /api/ HTTP/1.1" 200 469 "-" "curl/7.81.0"
172.21.0.6 - - [24/Apr/2023:16:25:52 +0000] "GET /login/ HTTP/1.1" 200 4860 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
127.0.0.1 - - [24/Apr/2023:16:25:56 +0000] "GET /api/ HTTP/1.1" 200 469 "-" "curl/7.81.0"
172.21.0.6 - - [24/Apr/2023:16:25:58 +0000] "POST /login/ HTTP/1.1" 200 5747 "https://netbox.points.com/login/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36"
127.0.0.1 - - [24/Apr/2023:16:26:12 +0000] "GET /api/ HTTP/1.1" 200 469 "-" "curl/7.81.0"
root@tor-netbox:~# docker compose logs netbox
root@tor-netbox:~#

Content of docker-compose.override.yml

version: '3.4'
services:
  netbox:
    environment:
      REMOTE_AUTH_ENABLED: "True"
      REMOTE_AUTH_BACKEND: "netbox.authentication.LDAPBackend"
      AUTH_LDAP_SERVER_URI: "ldaps://AD DC DN"
      AUTH_LDAP_BIND_DN: "CN=BINDACCOUNTCN"
      AUTH_LDAP_BIND_PASSWORD: "SECRETPASSWORD"
      AUTH_LDAP_USER_SEARCH_BASEDN: "OU=Users,USERS OU"
      AUTH_LDAP_GROUP_SEARCH_BASEDN: "OU=Groups,GROUP OU"
      AUTH_LDAP_REQUIRE_GROUP_DN: "CN=Netbox-Users,GROUP DN"
      AUTH_LDAP_IS_ADMIN_DN: "CN=Netbox-Users,GROUP CN"
      AUTH_LDAP_IS_SUPERUSER_DN: "CN=Netbox-Admins,GROUP CN"
      LDAP_IGNORE_CERT_ERRORS: "true"
      AUTH_LDAP_GROUP_TYPE: "NestedGroupOfNamesType"

Originally had these set too (the config was copied from an older netbox install to the new instance); they have been disabled, but still having issues with AD users logging in:

      #AUTH_LDAP_MIRROR_GROUPS: "true"
      #AUTH_LDAP_FIND_GROUP_PERMS: "true"
      #AUTH_LDAP_USER_FLAGS_BY_GROUP: 'Group settings'

All the DN/OU/CNs are the full path to the object in AD.
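As an added example (not from the issue or from netbox-docker), a small linter over the override's LDAP environment that flags the disabled certificate check on an ldaps:// URI, a login group that doubles as the admin group, and DN values that are not attr=value chains. It assumes netbox-docker maps AUTH_LDAP_REQUIRE_GROUP_DN to the login requirement and AUTH_LDAP_IS_ADMIN_DN to is_staff; the sample text is a constructed copy of the posted override with its placeholders kept as posted.

```python
import re
from typing import Dict, List

# Constructed sample: the issue's override, placeholders such as "GROUP DN" kept as posted.
SAMPLE_OVERRIDE = """\
services:
  netbox:
    environment:
      REMOTE_AUTH_ENABLED: "True"
      REMOTE_AUTH_BACKEND: "netbox.authentication.LDAPBackend"
      AUTH_LDAP_SERVER_URI: "ldaps://AD DC DN"
      AUTH_LDAP_BIND_DN: "CN=BINDACCOUNTCN"
      AUTH_LDAP_REQUIRE_GROUP_DN: "CN=Netbox-Users,GROUP DN"
      AUTH_LDAP_IS_ADMIN_DN: "CN=Netbox-Users,GROUP CN"
      AUTH_LDAP_IS_SUPERUSER_DN: "CN=Netbox-Admins,GROUP CN"
      LDAP_IGNORE_CERT_ERRORS: "true"
      #AUTH_LDAP_MIRROR_GROUPS: "true"
"""

ENV_LINE = re.compile(r'^\s+([A-Z][A-Z0-9_]*):\s*(["\']?)(.*)\2\s*$')
RDN = re.compile(r'^[A-Za-z][A-Za-z0-9-]*=.+$')  # every DN component must be attr=value
DN_KEYS = ("AUTH_LDAP_BIND_DN", "AUTH_LDAP_REQUIRE_GROUP_DN",
           "AUTH_LDAP_IS_ADMIN_DN", "AUTH_LDAP_IS_SUPERUSER_DN")

def parse_environment(text: str) -> Dict[str, str]:
    """Collect KEY: "value" pairs under `environment:`; '#' lines (disabled settings) are skipped."""
    env, inside = {}, False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("#"):
            continue
        if stripped == "environment:":
            inside = True
            continue
        m = ENV_LINE.match(line) if inside else None
        if m:
            env[m.group(1)] = m.group(3)
    return env

def first_rdn(dn: str) -> str:
    return dn.split(",")[0].strip().lower()

def lint_ldap_env(env: Dict[str, str]) -> List[str]:
    """Findings a reviewer would raise on the LDAP settings before exposing the login page."""
    findings = []
    uri = env.get("AUTH_LDAP_SERVER_URI", "")
    if uri.startswith("ldaps://") and env.get("LDAP_IGNORE_CERT_ERRORS", "").lower() == "true":
        findings.append("cert-check-disabled")  # bind password is sent to whichever server answers
    req, admin = env.get("AUTH_LDAP_REQUIRE_GROUP_DN", ""), env.get("AUTH_LDAP_IS_ADMIN_DN", "")
    if req and first_rdn(req) == first_rdn(admin):
        findings.append("login-group-is-admin-group")  # every permitted user also becomes staff
    for key in DN_KEYS:  # catches unexpanded placeholders and typos in the DN path
        if key in env and not all(RDN.match(p.strip()) for p in env[key].split(",")):
            findings.append(f"malformed-dn:{key}")
    return findings
```

Run against the sample it reports the disabled certificate check, the shared Netbox-Users group, and the three group DNs whose second component is a placeholder; the bind DN passes.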
