search

marcus-crane / netbox-plugin-azuread

A plugin that enables users to authenticate with Netbox using Azure Active Directory
17 stars 5 forks source link

NetBox 3 support? Issue pulling Azure groups from user upon login. #2

Closed DonMusto closed 2 years ago

DonMusto commented 2 years ago

I've noticed some editing done - is this plugin going to be brought up to speed to support Netbox 3?

Thanks!

marcus-crane commented 2 years ago

Hey there,

This plugin is currently running within a deployed instance of Netbox 3.0.5 at the time of writing and I haven't noticed any issues.

Have you experienced any issues with Netbox 3.0 or just curious about compatibility?

marcus-crane commented 2 years ago

Hey @DonMusto, just letting you know that in regards to #4, I've updated the plugin to use Netbox 3.0's new styling.

As I understand it, there may have been some login issues with Netbox 3.0 due to the login template not working.

DonMusto commented 2 years ago

Thank you, Marcus! My login issues are resolved just fine. I'm still having issues with the mapping, however, I'm not sure what I'm missing.

'AD_GROUP_MAP': { 'STAFF': ['EXACTEMAIL@USEDTO.LOGIN'], 'SUPERUSER': ['engineering'] # Set one or more Azure AD groups and users with this group will receive the superuser or staff flag } }

This is my user-to-group mapping in configuration.py. The email with which I use to log in does so just fine, but it won't make that user part of the staff. That user is also a member of engineering, but won't get mapped to superuser status.

kbcz1989 commented 2 years ago

@DonMusto Hello. Check "API permissions" in your AD app: image

marcus-crane commented 2 years ago

Hey @DonMusto,

I hope you've been able to resolve your issue but if not, I just shipped some debug logging in v1.1.1 to try and help narrow down what might be going wrong. You can enable it by setting LOGLEVEL=DEBUG in your Netbox environment.

DonMusto commented 2 years ago

Thank you, @marcus-crane, but before I got to that level of desperation, it actually worked after enacting @kbcz1989's instruction.

If I knew Git better, I'd suggest an edit to the README.md that includes a point about adding the Azure API Permission "Application\Directory.Read.All" to the application, otherwise you can log in with no issue, but the plug-in cannot read the groups of the user logging in.

Thank you both!

marcus-crane commented 2 years ago

Thanks for reporting back and glad to hear it's working :)

Funnily enough, I did add a note about that to the README last night so hopefully others won't run into the same issue

DonMusto commented 2 years ago

Awesome!! Thank you for making this plug-in, it really makes a significant impact at my organization.