From 5107fb7c6baa3f17ac9d9eba2f6f08219b34c727 Mon Sep 17 00:00:00 2001
From: Matthew Yauch
Date: Tue, 30 Apr 2019 14:24:22 -0700
Subject: [PATCH 1/2] AUTH_LDAP_BIND_PASSWORD secret file support
---
 configuration/ldap_config.py | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/configuration/ldap_config.py b/configuration/ldap_config.py
index 36fe8bc..b1b88d8 100644
--- a/configuration/ldap_config.py
+++ b/configuration/ldap_config.py
@@ -3,6 +3,16 @@ import os from django_auth_ldap.config import LDAPSearch, GroupOfNamesType
+# Read secret from file
+def read_secret(secret_name):
+ try:
+ f = open('/run/secrets/' + secret_name, 'r', encoding='utf-8')
+ except EnvironmentError:
+ return ''
+ else:
+ with f:
+ return f.readline().strip()
+ # Server URI AUTH_LDAP_SERVER_URI = os.environ.get('AUTH_LDAP_SERVER_URI', '')
@@ -13,7 +23,7 @@ AUTH_LDAP_CONNECTION_OPTIONS = { # Set the DN and password for the NetBox service account. AUTH_LDAP_BIND_DN = os.environ.get('AUTH_LDAP_BIND_DN', '')
-AUTH_LDAP_BIND_PASSWORD = os.environ.get('AUTH_LDAP_BIND_PASSWORD', '')
+AUTH_LDAP_BIND_PASSWORD = os.environ.get('AUTH_LDAP_BIND_PASSWORD', read_secret('auth_ldap_bind_password')) # Set a string template that describes any user’s distinguished name based on the username. AUTH_LDAP_USER_DN_TEMPLATE = os.environ.get('AUTH_LDAP_USER_DN_TEMPLATE', None)
From 96924736df142e922e77c79fe2d1e226771cb4df Mon Sep 17 00:00:00 2001
From: Matthew Yauch
Date: Wed, 1 May 2019 08:14:26 -0700
Subject: [PATCH 2/2] Updated README.md to reflect AUTH_LDAP_BIND_PASSWORD secret support
---
 README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index 3de3f96..40c4913 100644
--- a/README.md
+++ b/README.md
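Review bot: `read_secret` collapses every `EnvironmentError` (a permission-denied on a badly mounted `/run/secrets/auth_ldap_bind_password` just as much as a missing file) into `''`, so in the second hunk a misconfigured secret silently produces an empty `AUTH_LDAP_BIND_PASSWORD` next to a populated `AUTH_LDAP_BIND_DN`, which the LDAP server may treat as an unauthenticated bind instead of the deployment failing at startup. Consider narrowing the handler to `except FileNotFoundError:` so an unreadable file still raises, or at least emitting a warning before `return ''` so an operator can tell a missing secret from an intentionally blank password. `EnvironmentError` is a legacy alias of `OSError` on Python 3, so `OSError` would read clearer if the broad catch is kept. Note also that `os.environ.get('AUTH_LDAP_BIND_PASSWORD', read_secret(...))` always performs the file read, even when the environment variable is set and wins; that is harmless but deserves a comment such as `# the env var takes precedence; the secret file is read regardless`. A docstring on the new function would help too, e.g. `"""Return the first line of /run/secrets/<secret_name>, stripped, or '' if the file cannot be opened."""`.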
@@ -104,6 +104,7 @@ If a secret is defined by an environment variable and in the respective file at
 * `EMAIL_PASSWORD`: `/run/secrets/email_password`
 * `NAPALM_PASSWORD`: `/run/secrets/napalm_password`
 * `REDIS_PASSWORD`: `/run/secrets/redis_password`
+* `AUTH_LDAP_BIND_PASSWORD`: `/run/secrets/auth_ldap_bind_password`
 Please also consider [the advice about running Netbox in production](#production) above!