Support for adding Certificate Authorities for LDAP Authentication #340
Labels
enhancement
The issue describes an enhancement that we would like to implement in the future.
Desired Behavior
To be able to add an internal certificate authority's certificate to the netbox container. Additionally, it would be awful nice to tell the LDAP code to support a client-side certificate (in order to connect to something like GSuite's LDAP backend).
...
Contrast to Current Behavior
If LDAP authentication is configured in the netbox container, and the LDAP server is using a certificate that isn't signed by an official CA, the validation fails, and therefore, the login fails.
At the moment, the only documented, supported option is to set the LDAP_IGNORE_CERT_ERRORS environment variable in the docker-compose.override.yml to "true".
...
Changes Required
A volume mapping from the project directory to create the appropriate certificate file, and possibly an environment variable to specify the TLS_CACERT string to the appropriate location. Additionally, a change to ldap_config.py to pass the variable to Django.
...
Discussion: Benefits and Drawbacks
People who are running netbox internally can enjoy actual host validation when using LDAP authentication.
...
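One way the ldap_config.py change requested above could look, as an added example that is not netbox-docker's own code: it validates the LDAP server against an internal CA file instead of disabling validation, and optionally presents a client certificate. The variable names LDAP_CA_CERT_FILE, LDAP_CLIENT_CERT_FILE and LDAP_CLIENT_KEY_FILE are assumptions, as is the CA file being mounted into the container by a volume mapping; the result targets django-auth-ldap's AUTH_LDAP_CONNECTION_OPTIONS setting.

```python
import os
from types import SimpleNamespace

try:
    import ldap  # python-ldap, which django-auth-ldap is built on
except ImportError:
    # Stand-in so the example runs without python-ldap (placeholder values).
    ldap = SimpleNamespace(**{n: n for n in (
        "OPT_X_TLS_REQUIRE_CERT", "OPT_X_TLS_NEVER", "OPT_X_TLS_DEMAND",
        "OPT_X_TLS_CACERTFILE", "OPT_X_TLS_CERTFILE", "OPT_X_TLS_KEYFILE",
        "OPT_X_TLS_NEWCTX")})


def build_tls_options(env, file_exists=os.path.isfile):
    """Map environment variables to python-ldap TLS options.

    LDAP_CA_CERT_FILE, LDAP_CLIENT_CERT_FILE and LDAP_CLIENT_KEY_FILE are
    hypothetical names; LDAP_IGNORE_CERT_ERRORS is the existing setting.
    """
    opts = {}
    ignore = env.get("LDAP_IGNORE_CERT_ERRORS", "false").lower() == "true"
    ca_file = env.get("LDAP_CA_CERT_FILE")
    if ca_file and ignore:
        raise ValueError("LDAP_CA_CERT_FILE conflicts with LDAP_IGNORE_CERT_ERRORS")
    if ca_file:
        if not file_exists(ca_file):
            # Fail closed: a missing mount must not fall back to no validation.
            raise FileNotFoundError(ca_file)
        opts[ldap.OPT_X_TLS_CACERTFILE] = ca_file
        opts[ldap.OPT_X_TLS_REQUIRE_CERT] = ldap.OPT_X_TLS_DEMAND
    elif ignore:
        opts[ldap.OPT_X_TLS_REQUIRE_CERT] = ldap.OPT_X_TLS_NEVER

    cert, key = env.get("LDAP_CLIENT_CERT_FILE"), env.get("LDAP_CLIENT_KEY_FILE")
    if bool(cert) != bool(key):
        raise ValueError("client certificate and key must be set together")
    if cert:
        for path in (cert, key):
            if not file_exists(path):
                raise FileNotFoundError(path)
        opts[ldap.OPT_X_TLS_CERTFILE] = cert
        opts[ldap.OPT_X_TLS_KEYFILE] = key
    if opts:
        # python-ldap applies pending TLS settings when NEWCTX is set, so it goes last.
        opts[ldap.OPT_X_TLS_NEWCTX] = 0
    return opts


AUTH_LDAP_CONNECTION_OPTIONS = build_tls_options(os.environ)
```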