netbox-community / netbox-docker

🐳 Docker Image of NetBox
https://github.com/netbox-community/netbox-docker/wiki
Apache License 2.0

Can't use LDAP auth with docker-compose.override.yml #1278

Closed hasculdr closed 1 month ago

hasculdr commented 1 month ago

Current Behavior

All settings are according to the wiki; in the debug log I receive such messages:

DEBUG Binding as CN=netboxsa,OU=,DC=,DC=,DC=
netbox_1 | DEBUG Invoking search_s('', 2, '(sAMAccountName=my_user)')
netbox_1 | ERROR search_s('', 2, '(sAMAccountName=my_user)') raised NO_SUCH_OBJECT({'msgtype': 101, 'msgid': 2, 'result': 32, 'desc': 'No such object', 'ctrls': [], 'info': "0000208D: NameErr: DSID-0310021F, problem 2001 (NO_OBJECT), data 0, best match of:\n\t''\n"})
netbox_1 | DEBUG search_s('', 2, '(sAMAccountName=%(user)s)') returned 0 objects:
netbox_1 | DEBUG Authentication failed for my_user: failed to map the username to a DN.

Here the basedn argument is empty.

But when I copy the USER(GROUP)_SEARCH_BASEDN values from docker-compose.override.yml right into my_fs/configuration/ldap/ldap_config.py, it works fine:

DEBUG Binding as CN=netboxsa,OU=,DC=,DC=,DC=
netbox_1 | DEBUG Invoking search_s('OU=,OU=,OU=,DC=,DC=,dc=', 2, '(sAMAccountName=my_user)')
netbox_1 | DEBUG search_s('OU=,OU=,OU=,DC=,DC=,dc=', 2, '(sAMAccountName=%(user)s)') returned 1 objects: cn=deleted
netbox_1 | DEBUG Binding as cn=deleted
netbox_1 | DEBUG Populating Django user my_user

Expected Behavior

I expect the ability to manage authentication with the .override file.

Docker Compose Version

docker-compose version 1.29.2

Docker Version

Client:
 Version:           
 API version:       1.43
 Go version:        go1.19.12
 Git commit:        
 Built:             Fri Oct 13 18:06:38 2023
 OS/Arch:           linux/amd64
 Context:           default

Server:
 Engine:
  Version:          24.0.2
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.19.12
  Git commit:       71f68bafc7
  Built:            Fri Oct 13 18:06:38 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.7.2
  GitCommit:        2497ab131
 runc:
  Version:          1.1.7
  GitCommit:        dfcf0a73
 docker-init:
  Version:          0.18.0
  GitCommit:

The git Revision

3f9ff1683f6daf7c77464252836f10a2b84eda75

The git Status

On branch main
nothing to commit, working tree clean

Startup Command

docker-compose up

NetBox Logs

netbox_1               | 2024/07/24 06:02:50 [info] 131#131 "netbox" application started
netbox_1               | 2024/07/24 06:15:05 [notice] 7#7 process 94 exited with code 0
netbox_1               | 2024/07/24 06:15:05 [notice] 7#7 process 95 exited with code 0
netbox_1               | 🧬 loaded config '/etc/netbox/config/configuration.py'
netbox_1               | 🧬 loaded config '/etc/netbox/config/extra.py'
netbox_1               | 🧬 loaded config '/etc/netbox/config/logging.py'
netbox_1               | 🧬 loaded config '/etc/netbox/config/plugins.py'
netbox_1               | 🧬 loaded config '/etc/netbox/config/configuration.py'
netbox_1               | 🧬 loaded config '/etc/netbox/config/extra.py'
netbox_1               | 🧬 loaded config '/etc/netbox/config/logging.py'
netbox_1               | 🧬 loaded config '/etc/netbox/config/plugins.py'
netbox_1               | 2024/07/24 06:15:06 [notice] 96#96 app process 131 exited with code 0
netbox_1               | 2024/07/24 06:15:06 [alert] 96#96 sendmsg(13, -1, -1, 2) failed (32: Broken pipe)
netbox_1               | 2024/07/24 06:15:07 [notice] 96#96 app process 97 exited with code 0
netbox_1               | 2024/07/24 06:15:07 [alert] 96#96 sendmsg(13, -1, -1, 2) failed (32: Broken pipe)
netbox_1               | 2024/07/24 06:15:07 [notice] 7#7 process 96 exited with code 0
netbox_1               | ↩️ Skip creating the superuser
netbox_1               | 🧬 loaded config '/etc/netbox/config/configuration.py'
netbox_1               | 🧬 loaded config '/etc/netbox/config/extra.py'
netbox_1               | 🧬 loaded config '/etc/netbox/config/logging.py'
netbox_1               | 🧬 loaded config '/etc/netbox/config/plugins.py'
netbox_1               | ✅ Initialisation is done.
netbox_1               | ⏳ Waiting for control socket to be created... (1/10)
netbox_1               | 2024/07/24 06:15:42 [warn] 7#7 Unit is running unprivileged, then it cannot use arbitrary user and group.
netbox_1               | 2024/07/24 06:15:42 [info] 7#7 unit 1.32.0 started
netbox_1               | 2024/07/24 06:15:42 [info] 94#94 discovery started
netbox_1               | 2024/07/24 06:15:42 [notice] 94#94 module: python 3.11.6 "/usr/lib/unit/modules/python3.11.unit.so"
netbox_1               | 2024/07/24 06:15:42 [info] 7#7 controller started
netbox_1               | 2024/07/24 06:15:42 [notice] 7#7 process 94 exited with code 0
netbox_1               | 2024/07/24 06:15:42 [info] 96#96 router started
netbox_1               | 2024/07/24 06:15:42 [info] 96#96 OpenSSL 3.0.10 1 Aug 2023, 300000a0
netbox_1               | 2024/07/24 06:15:42 [info] 97#97 "netbox" prototype started
netbox_1               | 2024/07/24 06:15:42 [info] 98#98 "netbox" application started
netbox_1               | ⚙️ Applying configuration from /etc/unit/nginx-unit.json
netbox_1               | ✅ Unit configuration loaded successfully
netbox_1               | 2024/07/24 06:15:50 [notice] 7#7 process 92 exited with code 0
netbox_1               | 2024/07/24 06:15:54 [info] 132#132 "netbox" application started

Content of docker-compose.override.yml

version: '3.4'
services:
  netbox:
    ports:
      - "8000:8080"
    # If you want the Nginx unit status page visible from the
    # outside of the container add the following port mapping:
    # - "8001:8081"
    healthcheck:
      # Time for which the health check can fail after the container is started.
      # This depends mostly on the performance of your database. On the first start,
      # when all tables need to be created the start_period should be higher than on
      # subsequent starts. For the first start after major version upgrades of NetBox
      # the start_period might also need to be set higher.
      # Default value in our docker-compose.yml is 60s
      start_period: 60s
    environment:
      SKIP_SUPERUSER: "True"
    ### LDAP AUTH
      REMOTE_AUTH_ENABLED: "True"
      REMOTE_AUTH_BACKEND: "netbox.authentication.LDAPBackend"
      AUTH_LDAP_SERVER_URI: "ldaps://removed:636"
      AUTH_LDAP_BIND_DN: "CN=netboxsa,OU=*,DC=*,DC=*,dc=*"
      AUTH_LDAP_BIND_PASSWORD: "removed"
      AUTH_LDAP_USER_SEARCH_BASEDN: "OU=*,OU=*,OU=*,DC=*,DC=*,dc=*"
      AUTH_LDAP_GROUP_SEARCH_BASEDN: "OU=*,DC=*,DC=*,dc=*"
      AUTH_LDAP_REQUIRE_GROUP_DN: "CN=*,OU=*,DC=*,DC=*,dc=*"
      AUTH_LDAP_GROUP_TYPE: "NestedGroupOfNamesType"
      LDAP_IGNORE_CERT_ERRORS: "True"
    restart: unless-stopped
  netbox-worker:
    restart: unless-stopped
  netbox-housekeeping:
    restart: unless-stopped
  postgres:
    restart: unless-stopped
  redis:
    restart: unless-stopped
  redis-cache:
    restart: unless-stopped

hasculdr commented 1 month ago

Sorry folks, it looks like I messed up while creating the containers with "docker-compose up". At that time there was no basedn data in the override file, and these values weren't in the container's env. Next, I wrote them into ldap-config.py and restarted the container, so the modified config was mounted, and auth started working this way. I expected compose start/restart to always use compose(override).yml, not only when it creates containers.
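The root cause described in this thread is configuration drift: the override file declared LDAP settings that the already-created container never received, and an empty search base produced the NO_SUCH_OBJECT (result 32) seen in the first log excerpt. The following preflight check is an added example, not code from the netbox-docker project. It compares the environment a compose override declares with the environment a running container actually has (the "KEY=VALUE" list that `docker inspect` prints under Config.Env), and flags missing, changed, empty or malformed LDAP settings. The environment values, the inspect fragment and the list of required keys are constructed for this example; the key names are the ones used in the issue's override file.

```python
"""Preflight check: does the running NetBox container carry the LDAP settings
the docker-compose override declares? (Added example, not project code.)"""
import json
import re

# Settings the LDAP backend cannot work without. This list is the example's
# assumption, taken from the keys shown in the issue's override file.
REQUIRED_LDAP_KEYS = (
    "REMOTE_AUTH_ENABLED",
    "REMOTE_AUTH_BACKEND",
    "AUTH_LDAP_SERVER_URI",
    "AUTH_LDAP_BIND_DN",
    "AUTH_LDAP_BIND_PASSWORD",
    "AUTH_LDAP_USER_SEARCH_BASEDN",
    "AUTH_LDAP_GROUP_SEARCH_BASEDN",
)

# Constructed: what the override file declares (all values are placeholders).
DECLARED_ENV = {
    "SKIP_SUPERUSER": "True",
    "REMOTE_AUTH_ENABLED": "True",
    "REMOTE_AUTH_BACKEND": "netbox.authentication.LDAPBackend",
    "AUTH_LDAP_SERVER_URI": "ldaps://ldap.example.invalid:636",
    "AUTH_LDAP_BIND_DN": "CN=netboxsa,OU=Service,DC=example,DC=invalid",
    "AUTH_LDAP_BIND_PASSWORD": "placeholder",
    "AUTH_LDAP_USER_SEARCH_BASEDN": "OU=Users,DC=example,DC=invalid",
    "AUTH_LDAP_GROUP_SEARCH_BASEDN": "OU=Groups,DC=example,DC=invalid",
}

# Constructed: a `docker inspect` fragment for a container created before the
# BASEDN lines were added to the override file (the situation in the issue).
INSPECT_JSON = json.dumps([{
    "Name": "/netbox_1",
    "Config": {"Env": [
        "PATH=/usr/local/bin:/usr/bin",
        "SKIP_SUPERUSER=True",
        "REMOTE_AUTH_ENABLED=True",
        "REMOTE_AUTH_BACKEND=netbox.authentication.LDAPBackend",
        "AUTH_LDAP_SERVER_URI=ldaps://ldap.example.invalid:636",
        "AUTH_LDAP_BIND_DN=CN=netboxsa,OU=Service,DC=example,DC=invalid",
        "AUTH_LDAP_BIND_PASSWORD=placeholder",
    ]},
}])

_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,]+$")
_DN_KEYS = ("AUTH_LDAP_BIND_DN", "AUTH_LDAP_USER_SEARCH_BASEDN",
            "AUTH_LDAP_GROUP_SEARCH_BASEDN")


def container_env(inspect_output: str) -> dict:
    """Turn docker inspect's Config.Env list ("KEY=VALUE") into a dict.
    Split on the first '=' only: DN values contain '=' themselves."""
    env = {}
    for entry in json.loads(inspect_output)[0]["Config"]["Env"]:
        key, _, value = entry.partition("=")
        env[key] = value
    return env


def is_plausible_dn(dn: str) -> bool:
    """Structural smoke test: non-empty, and every comma-separated RDN looks
    like type=value. Escaped commas inside values are not handled."""
    return bool(dn) and all(_RDN.match(part.strip()) for part in dn.split(","))


def audit(declared: dict, actual: dict) -> dict:
    """Report drift between declared and actual environment, plus required
    LDAP settings that are present but empty or not shaped like a DN."""
    report = {"missing": [], "differs": [], "empty": [], "bad_dn": []}
    for key, value in declared.items():
        if key not in actual:
            report["missing"].append(key)
        elif actual[key] != value:
            report["differs"].append(key)
    for key in REQUIRED_LDAP_KEYS:
        if key in actual and not actual[key]:
            report["empty"].append(key)
    for key in _DN_KEYS:
        if actual.get(key) and not is_plausible_dn(actual[key]):
            report["bad_dn"].append(key)
    return report


def main():
    report = audit(DECLARED_ENV, container_env(INSPECT_JSON))
    for kind, keys in report.items():
        for key in keys:
            print(f"{kind}: {key}")
    if report["missing"] or report["differs"]:
        # A plain `docker-compose restart` reuses the existing container and
        # its old environment; `docker-compose up -d` recreates it on change.
        print("container env does not match the override file; "
              "recreate the container with `docker-compose up -d`")


if __name__ == "__main__":
    main()
```

Run against a real deployment by replacing INSPECT_JSON with the output of `docker inspect <container>` and DECLARED_ENV with the environment block of your override file; any key listed under "missing" or "differs" means the container was created from an older configuration and needs to be recreated, not just restarted.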