search

marcus-crane / netbox-plugin-azuread

A plugin that enables users to authenticate with Netbox using Azure Active Directory
18 stars 5 forks source link

Add ability to filter which AD groups are registered in Netbox #10

Closed FlochonR closed 3 years ago

FlochonR commented 3 years ago

Hello @marcus-crane !

I'm running the version 3.0.5 of Netbox and version 1.1.0 of your plugin with this configuration

PLUGINS = [
  'netbox_plugin_azuread'
]
PLUGINS_CONFIG = {
  'netbox_plugin_azuread': {
    'CLIENT_ID': 'toto,
    'CLIENT_SECRET': 'toto',
    'AUTHORITY': 'https://login.microsoftonline.com/toto/',
    'LOGIN_URL': '/login/',
    'REPLY_URL': '/complete/',
    'SCOPES': ['https://graph.microsoft.com/.default'],
    'AD_GROUP_MAP': {
      'STAFF': ['NETBOX-Users'],
      'SUPERUSER': ['NETBOX-Administrators']
    }
  }
}
REMOTE_AUTH_AUTO_CREATE_USER = True
REMOTE_AUTH_BACKEND = 'netbox_plugin_azuread.backends.AzureADRemoteUserBackend'
REMOTE_AUTH_ENABLED = True

The users are well created and they are on the group Azure AD NETBOX-Users or NETBOX-Administrators, the problem is the flag isn't added to the user Perhaps I will do something special in Azure AD config ?

Thanks for your help, FlochonR

qxmips commented 3 years ago

@FlochonR please check https://github.com/marcus-crane/netbox-plugin-azuread/issues/3

FlochonR commented 3 years ago

Hello @qxmips !!

Thanks, it's working now !

I have a question that ensues, I have a lot of groups automatically created ... Is it possible to limit that at the 2 groups I want ? (NETBOX-Users and NETBOX-Administrators)

marcus-crane commented 3 years ago

@FlochonR Glad you managed to get the plugin working. I could add a key to the config called something like AD_GROUP_FILTER which would work a little like this:

PLUGINS_CONFIG = {
  'netbox_plugin_azuread': {
    'AD_GROUP_FILTER': [
      'NETBOX-Users',
      'NETBOX-Administrators'
    ]
  }
}

where any groups listed in the filter are created in Netbox if they're specified. If the filter is empty (it would be by default), then it just creates all groups automatically.

There'd have to be some functionality that if the filter is defined then presumably it does a cleanup job and deletes everything that isn't in the filter.

If that sounds good, I can rename this issue to match the current state (feature request) and have a look at adding it sometime

FlochonR commented 3 years ago

Hello @marcus-crane !!

Yes, it's a good idea ! It would be perfect ! :D

marcus-crane commented 3 years ago

Thanks again for the help @qxmips

marcus-crane commented 3 years ago

Hey @FlochonR, this issue got closed automatically a bit early but 1.2.0 has just been released which includes the filter functionality you were after.

FlochonR commented 3 years ago

Hello @marcus-crane @tatsuyaueda

Thanks for the work, it's great !!