From f2bb1198ddb43ca77472fd980d3a2c3bc77c2101 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 23 Dec 2022 05:15:28 +0000
Subject: [PATCH 01/14] Update dependency django-storages to v1.13.2
---
requirements-container.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements-container.txt b/requirements-container.txt
index 96f3aa3..9572d17 100644
--- a/requirements-container.txt
+++ b/requirements-container.txt
@@ -1,5 +1,5 @@
django-auth-ldap==4.1.0
-django-storages[azure,boto3,dropbox,google,libcloud,sftp]==1.13.1
+django-storages[azure,boto3,dropbox,google,libcloud,sftp]==1.13.2
napalm==4.0.0
psycopg2==2.9.5
python3-saml==1.14.0
From 89ad7588f0ddda2aabe490614ea9804225ad76db Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 27 Dec 2022 23:54:03 +0000
Subject: [PATCH 02/14] Update dependency python3-saml to v1.15.0
---
requirements-container.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements-container.txt b/requirements-container.txt
index 9572d17..f1ccb53 100644
--- a/requirements-container.txt
+++ b/requirements-container.txt
@@ -2,5 +2,5 @@ django-auth-ldap==4.1.0
django-storages[azure,boto3,dropbox,google,libcloud,sftp]==1.13.2
napalm==4.0.0
psycopg2==2.9.5
-python3-saml==1.14.0
+python3-saml==1.15.0
social-auth-core[all]==4.3.0
From 73f479d5db39868928697ab92680b244ff8923f2 Mon Sep 17 00:00:00 2001
From: Tobias Genannt <tobias.genannt@gmail.com>
Date: Tue, 3 Jan 2023 14:41:26 +0100
Subject: [PATCH 03/14] Ensure that '*' or 'localhost' is always in
ALLOWED_HOSTS
---
configuration/configuration.py | 3 +++
1 file changed, 3 insertions(+)
diff --git a/configuration/configuration.py b/configuration/configuration.py
index 8d19fd9..db35c1b 100644
--- a/configuration/configuration.py
+++ b/configuration/configuration.py
@@ -58,6 +58,9 @@ _BASE_DIR = dirname(dirname(abspath(__file__)))
#
# Example: ALLOWED_HOSTS = ['netbox.example.com', 'netbox.internal.local']
ALLOWED_HOSTS = environ.get('ALLOWED_HOSTS', '*').split(' ')
+# ensure that '*' or 'localhost' is always in ALLOWED_HOSTS
+if '*' not in ALLOWED_HOSTS and 'localhost' not in ALLOWED_HOSTS:
+ ALLOWED_HOSTS.append('localhost')
# PostgreSQL database configuration. See the Django documentation for a complete list of available parameters:
# https://docs.djangoproject.com/en/stable/ref/settings/#databases
From b6faad36cb19e5d1f9dbf67f99e47cee9b211620 Mon Sep 17 00:00:00 2001
From: Tobias Genannt <tobias.genannt@gmail.com>
Date: Tue, 3 Jan 2023 14:58:41 +0100
Subject: [PATCH 04/14] Added start_period to docker-compose example
---
docker-compose.override.yml.example | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/docker-compose.override.yml.example b/docker-compose.override.yml.example
index f08d6c0..e2cf62a 100644
--- a/docker-compose.override.yml.example
+++ b/docker-compose.override.yml.example
@@ -3,3 +3,11 @@ services:
netbox:
ports:
- 8000:8080
+ healthcheck:
+ # Time for which the health check can fail after the container is started.
+ # This depends mostly on the performance of your database. On the first start,
+ # when all tables need to be created the start_period should be higher than on
+ # subsequent starts. For the first start after major version upgrades of Netbox
+ # the start_period might also need to be set higher.
+ # Default value in our docker-compose.yml is 60s
+ start_period: 90s
From 8f2820626c3a0eda295b407d4866d65ccd3b460c Mon Sep 17 00:00:00 2001
From: Kadar Anwar <11323060+kmanwar89@users.noreply.github.com>
Date: Tue, 3 Jan 2023 09:06:46 -0500
Subject: [PATCH 05/14] Fix syntax of docker compose commands
Docker compose's syntax changed as of Compose v2 (source: https://docs.docker.com/compose/reference/). Replaced references of "docker-compose" with "docker compose" to align with this change.
---
README.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 18496a8..ac44d61 100644
--- a/README.md
+++ b/README.md
@@ -40,8 +40,8 @@ services:
ports:
- 8000:8080
EOF
-docker-compose pull
-docker-compose up
+docker compose pull
+docker compose up
```
The whole application will be available after a few minutes.
@@ -123,7 +123,7 @@ This project relies only on _Docker_ and _docker-compose_ meeting these requirem
* The _containerd version_ must be at least `1.5.6`.
* The _docker-compose version_ must be at least `1.28.0`.
-To check the version installed on your system run `docker --version` and `docker-compose --version`.
+To check the version installed on your system run `docker --version` and `docker compose version`.
## Updating
From 0c1b69ded02d1ce3e463287ce4f18eb35fbe6650 Mon Sep 17 00:00:00 2001
From: Tobias Genannt <tobias.genannt@gmail.com>
Date: Tue, 3 Jan 2023 16:45:09 +0100
Subject: [PATCH 06/14] Update docker-compose.override.yml.example
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: Christian Mäder <cimnine@users.noreply.github.com>
---
docker-compose.override.yml.example | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-compose.override.yml.example b/docker-compose.override.yml.example
index e2cf62a..1b936f6 100644
--- a/docker-compose.override.yml.example
+++ b/docker-compose.override.yml.example
@@ -7,7 +7,7 @@ services:
# Time for which the health check can fail after the container is started.
# This depends mostly on the performance of your database. On the first start,
# when all tables need to be created the start_period should be higher than on
- # subsequent starts. For the first start after major version upgrades of Netbox
+ # subsequent starts. For the first start after major version upgrades of NetBox
# the start_period might also need to be set higher.
# Default value in our docker-compose.yml is 60s
start_period: 90s
From 7e0a8fee82d064874784ba707971f2aeea3d5a7a Mon Sep 17 00:00:00 2001
From: Tobias Genannt <tobias.genannt@gmail.com>
Date: Tue, 3 Jan 2023 16:48:00 +0100
Subject: [PATCH 07/14] Improved comment
---
configuration/configuration.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configuration/configuration.py b/configuration/configuration.py
index db35c1b..cff152f 100644
--- a/configuration/configuration.py
+++ b/configuration/configuration.py
@@ -58,7 +58,7 @@ _BASE_DIR = dirname(dirname(abspath(__file__)))
#
# Example: ALLOWED_HOSTS = ['netbox.example.com', 'netbox.internal.local']
ALLOWED_HOSTS = environ.get('ALLOWED_HOSTS', '*').split(' ')
-# ensure that '*' or 'localhost' is always in ALLOWED_HOSTS
+# ensure that '*' or 'localhost' is always in ALLOWED_HOSTS (needed for health checks)
if '*' not in ALLOWED_HOSTS and 'localhost' not in ALLOWED_HOSTS:
ALLOWED_HOSTS.append('localhost')
From 41d80d66b1506cd82415f2e25e42fbb868539a8f Mon Sep 17 00:00:00 2001
From: "Sean M. Collins" <sean@coreitpro.com>
Date: Tue, 27 Dec 2022 20:00:59 +0000
Subject: [PATCH 08/14] Prepend docker.io to image URLs
This is to make podman happy, since newer versions of podman
have set short-name-mode to enforcing
https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md
---
docker-compose.yml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index d3e8234..a8f3b54 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,7 +1,7 @@
version: '3.4'
services:
netbox: &netbox
- image: netboxcommunity/netbox:${VERSION-v3.4-2.4.0}
+ image: docker.io/netboxcommunity/netbox:${VERSION-v3.4-2.4.0}
depends_on:
- postgres
- redis
@@ -47,14 +47,14 @@ services:
# postgres
postgres:
- image: postgres:15-alpine
+ image: docker.io/postgres:15-alpine
env_file: env/postgres.env
volumes:
- netbox-postgres-data:/var/lib/postgresql/data
# redis
redis:
- image: redis:7-alpine
+ image: docker.io/redis:7-alpine
command:
- sh
- -c # this is to evaluate the $REDIS_PASSWORD from the env
From bd07a7a5a2f9810a3b14122c0f01010495505cd3 Mon Sep 17 00:00:00 2001
From: Christian Harendt <22472485+christianharendt@users.noreply.github.com>
Date: Fri, 27 Jan 2023 15:02:11 +0100
Subject: [PATCH 09/14] Add redis username parameter
---
configuration/configuration.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/configuration/configuration.py b/configuration/configuration.py
index cff152f..d3cfe2b 100644
--- a/configuration/configuration.py
+++ b/configuration/configuration.py
@@ -86,6 +86,7 @@ REDIS = {
'tasks': {
'HOST': environ.get('REDIS_HOST', 'localhost'),
'PORT': _environ_get_and_map('REDIS_PORT', 6379, _AS_INT),
+ 'USERNAME': environ.get('REDIS_USERNAME', ''),
'PASSWORD': _read_secret('redis_password', environ.get('REDIS_PASSWORD', '')),
'DATABASE': _environ_get_and_map('REDIS_DATABASE', 0, _AS_INT),
'SSL': _environ_get_and_map('REDIS_SSL', 'False', _AS_BOOL),
@@ -94,6 +95,7 @@ REDIS = {
'caching': {
'HOST': environ.get('REDIS_CACHE_HOST', environ.get('REDIS_HOST', 'localhost')),
'PORT': _environ_get_and_map('REDIS_CACHE_PORT', environ.get('REDIS_PORT', '6379'), _AS_INT),
+ 'USERNAME': environ.get('REDIS_CACHE_USERNAME', environ.get('REDIS_USERNAME', ''),
'PASSWORD': _read_secret('redis_cache_password', environ.get('REDIS_CACHE_PASSWORD', environ.get('REDIS_PASSWORD', ''))),
'DATABASE': _environ_get_and_map('REDIS_CACHE_DATABASE', '1', _AS_INT),
'SSL': _environ_get_and_map('REDIS_CACHE_SSL', environ.get('REDIS_SSL', 'False'), _AS_BOOL),
From ff373bd60da9267f446006efbbb63f6076c73d07 Mon Sep 17 00:00:00 2001
From: Christian Harendt <22472485+christianharendt@users.noreply.github.com>
Date: Fri, 27 Jan 2023 15:05:17 +0100
Subject: [PATCH 10/14] Update configuration.py
---
configuration/configuration.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/configuration/configuration.py b/configuration/configuration.py
index d3cfe2b..18bfd01 100644
--- a/configuration/configuration.py
+++ b/configuration/configuration.py
@@ -95,7 +95,7 @@ REDIS = {
'caching': {
'HOST': environ.get('REDIS_CACHE_HOST', environ.get('REDIS_HOST', 'localhost')),
'PORT': _environ_get_and_map('REDIS_CACHE_PORT', environ.get('REDIS_PORT', '6379'), _AS_INT),
- 'USERNAME': environ.get('REDIS_CACHE_USERNAME', environ.get('REDIS_USERNAME', ''),
+ 'USERNAME': environ.get('REDIS_CACHE_USERNAME', environ.get('REDIS_USERNAME', '')),
'PASSWORD': _read_secret('redis_cache_password', environ.get('REDIS_CACHE_PASSWORD', environ.get('REDIS_PASSWORD', ''))),
'DATABASE': _environ_get_and_map('REDIS_CACHE_DATABASE', '1', _AS_INT),
'SSL': _environ_get_and_map('REDIS_CACHE_SSL', environ.get('REDIS_SSL', 'False'), _AS_BOOL),
From f2b0375d5b892828f19f203ea4b47decce34a466 Mon Sep 17 00:00:00 2001
From: Tobias Genannt <tobias.genannt@gmail.com>
Date: Sat, 28 Jan 2023 12:00:40 +0100
Subject: [PATCH 11/14] Using GITHUB_TOKEN for API
---
.github/workflows/push.yml | 1 +
.github/workflows/release.yml | 1 +
build-latest.sh | 34 +++++++++++++++++-----------------
3 files changed, 19 insertions(+), 17 deletions(-)
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
index acd08d4..2bf855b 100644
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@@ -55,6 +55,7 @@ jobs:
fail-fast: false
env:
GH_ACTION: enable
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
IMAGE_NAMES: docker.io/netboxcommunity/netbox
runs-on: ubuntu-latest
name: Builds new NetBox Docker Images
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 3b622ea..86733e3 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -25,6 +25,7 @@ jobs:
name: Builds new NetBox Docker Images
env:
GH_ACTION: enable
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
IMAGE_NAMES: docker.io/netboxcommunity/netbox quay.io/netboxcommunity/netbox ghcr.io/netbox-community/netbox
steps:
- id: source-checkout
diff --git a/build-latest.sh b/build-latest.sh
index bcafda4..00abe97 100755
--- a/build-latest.sh
+++ b/build-latest.sh
@@ -11,16 +11,20 @@ if ! command -v jq; then
exit 1
fi
+CURL_ARGS=(
+ --silent
+)
+
###
-# Checking for the presence of GITHUB_OAUTH_CLIENT_ID
-# and GITHUB_OAUTH_CLIENT_SECRET
+# Checking for the presence of GITHUB_TOKEN
###
-if [ -n "${GITHUB_OAUTH_CLIENT_ID}" ] && [ -n "${GITHUB_OAUTH_CLIENT_SECRET}" ]; then
+if [ -n "${GITHUB_TOKEN}" ]; then
echo "🗝 Performing authenticated Github API calls."
- GITHUB_OAUTH_PARAMS="client_id=${GITHUB_OAUTH_CLIENT_ID}&client_secret=${GITHUB_OAUTH_CLIENT_SECRET}"
+ CURL_ARGS+=(
+ --header "Authorization: Bearer ${GITHUB_TOKEN}"
+ )
else
echo "🕶 Performing unauthenticated Github API calls. This might result in lower Github rate limits!"
- GITHUB_OAUTH_PARAMS=""
fi
###
@@ -42,31 +46,27 @@ fi
###
ORIGINAL_GITHUB_REPO="netbox-community/netbox"
GITHUB_REPO="${GITHUB_REPO-$ORIGINAL_GITHUB_REPO}"
-URL_RELEASES="https://api.github.com/repos/${GITHUB_REPO}/releases?${GITHUB_OAUTH_PARAMS}"
+URL_RELEASES="https://api.github.com/repos/${GITHUB_REPO}/releases"
# Composing the JQ commans to extract the most recent version number
JQ_LATEST="group_by(.prerelease) | .[] | sort_by(.published_at) | reverse | .[0] | select(.prerelease==${PRERELEASE-false}) | .tag_name"
-CURL="curl -sS"
+CURL="curl"
# Querying the Github API to fetch the most recent version number
-VERSION=$($CURL "${URL_RELEASES}" | jq -r "${JQ_LATEST}")
+VERSION=$($CURL "${CURL_ARGS[@]}" "${URL_RELEASES}" | jq -r "${JQ_LATEST}" 2>/dev/null)
###
# Check if the prerelease version is actually higher than stable version
###
if [ "${PRERELEASE}" == "true" ]; then
JQ_STABLE="group_by(.prerelease) | .[] | sort_by(.published_at) | reverse | .[0] | select(.prerelease==false) | .tag_name"
- STABLE_VERSION=$($CURL "${URL_RELEASES}" | jq -r "${JQ_STABLE}")
+ STABLE_VERSION=$($CURL "${CURL_ARGS[@]}" "${URL_RELEASES}" | jq -r "${JQ_STABLE}" 2>/dev/null)
- # shellcheck disable=SC2003
- MAJOR_STABLE=$(expr match "${STABLE_VERSION}" 'v\([0-9]\+\)')
- # shellcheck disable=SC2003
- MINOR_STABLE=$(expr match "${STABLE_VERSION}" 'v[0-9]\+\.\([0-9]\+\)')
- # shellcheck disable=SC2003
- MAJOR_UNSTABLE=$(expr match "${VERSION}" 'v\([0-9]\+\)')
- # shellcheck disable=SC2003
- MINOR_UNSTABLE=$(expr match "${VERSION}" 'v[0-9]\+\.\([0-9]\+\)')
+ MAJOR_STABLE=$(expr "${STABLE_VERSION}" : 'v\([0-9]\+\)')
+ MINOR_STABLE=$(expr "${STABLE_VERSION}" : 'v[0-9]\+\.\([0-9]\+\)')
+ MAJOR_UNSTABLE=$(expr "${VERSION}" : 'v\([0-9]\+\)')
+ MINOR_UNSTABLE=$(expr "${VERSION}" : 'v[0-9]\+\.\([0-9]\+\)')
if {
[ "${MAJOR_STABLE}" -eq "${MAJOR_UNSTABLE}" ] &&
From eef45c8197d80d5860dc84a03a8aa6a4ab750e65 Mon Sep 17 00:00:00 2001
From: Tobias Genannt <tobias.genannt@gmail.com>
Date: Sat, 28 Jan 2023 15:42:32 +0100
Subject: [PATCH 12/14] Using new GITHUB_OUTPUT method
---
.github/workflows/release.yml | 2 +-
build-functions/gh-functions.sh | 11 +++++++++++
build-latest.sh | 6 ++----
build.sh | 6 +++---
4 files changed, 17 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 86733e3..1dd2c3a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -33,7 +33,7 @@ jobs:
uses: actions/checkout@v3
- id: set-netbox-docker-version
name: Get Version of NetBox Docker
- run: echo "::set-output name=version::$(cat VERSION)"
+ run: echo "version=$(cat VERSION)" >>"$GITHUB_OUTPUT"
shell: bash
- id: qemu-setup
name: Set up QEMU
diff --git a/build-functions/gh-functions.sh b/build-functions/gh-functions.sh
index 4928d0d..4c04dc0 100644
--- a/build-functions/gh-functions.sh
+++ b/build-functions/gh-functions.sh
@@ -19,3 +19,14 @@ gh_env() {
echo "${@}" >>"${GITHUB_ENV}"
fi
}
+
+###
+# Prints the output to the file defined in ${GITHUB_OUTPUT}.
+# Only executes if ${GH_ACTION} is defined.
+# Example Usage: gh_env "FOO_VAR=bar_value"
+###
+gh_out() {
+ if [ -n "${GH_ACTION}" ]; then
+ echo "${@}" >>"$GITHUB_OUTPUT"
+ fi
+}
diff --git a/build-latest.sh b/build-latest.sh
index 00abe97..30a0ba6 100755
--- a/build-latest.sh
+++ b/build-latest.sh
@@ -1,5 +1,6 @@
#!/bin/bash
# Builds the latest released version
+source ./build-functions/gh-functions.sh
echo "▶️ $0 $*"
@@ -75,10 +76,7 @@ if [ "${PRERELEASE}" == "true" ]; then
echo "❎ Latest unstable version '${VERSION}' is not higher than the latest stable version '$STABLE_VERSION'."
if [ -z "$DEBUG" ]; then
- if [ -n "${GH_ACTION}" ]; then
- echo "::set-output name=skipped::true"
- fi
-
+ gh_out "skipped=true"
exit 0
else
echo "⚠️ Would exit here with code '0', but DEBUG is enabled."
diff --git a/build.sh b/build.sh
index f892e8b..cc265f9 100755
--- a/build.sh
+++ b/build.sh
@@ -170,7 +170,7 @@ if [ "${2}" != "--push-only" ] && [ -z "${SKIP_GIT}" ]; then
REMOTE_EXISTS=$(git ls-remote --heads --tags "${URL}" "${NETBOX_BRANCH}" | wc -l)
if [ "${REMOTE_EXISTS}" == "0" ]; then
echo "❌ Remote branch '${NETBOX_BRANCH}' not found in '${URL}'; Nothing to do"
- gh_echo "::set-output name=skipped::true"
+ gh_out "skipped=true"
exit 0
fi
echo "🌐 Checking out '${NETBOX_BRANCH}' of NetBox from the url '${URL}' into '${NETBOX_PATH}'"
@@ -349,10 +349,10 @@ fi
if [ "${SHOULD_BUILD}" != "true" ]; then
echo "Build skipped because sources didn't change"
- echo "::set-output name=skipped::true"
+ gh_out "skipped=true"
exit 0 # Nothing to do -> exit
else
- gh_echo "::set-output name=skipped::false"
+ gh_out "skipped=false"
fi
gh_echo "::endgroup::"
From 3071c500da191ec3c90322f8a2dcc5b85a446065 Mon Sep 17 00:00:00 2001
From: Tim Oliver Rabl <rabl@komro.net>
Date: Fri, 27 Jan 2023 23:57:56 +0100
Subject: [PATCH 13/14] implement extra LDAP user and group filters as
requested in #471
---
configuration/ldap/ldap_config.py | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/configuration/ldap/ldap_config.py b/configuration/ldap/ldap_config.py
index 8aa3ecb..f5cd50c 100644
--- a/configuration/ldap/ldap_config.py
+++ b/configuration/ldap/ldap_config.py
@@ -61,18 +61,22 @@ LDAP_CA_CERT_FILE = environ.get('LDAP_CA_CERT_FILE', None)
AUTH_LDAP_USER_SEARCH_BASEDN = environ.get('AUTH_LDAP_USER_SEARCH_BASEDN', '')
AUTH_LDAP_USER_SEARCH_ATTR = environ.get('AUTH_LDAP_USER_SEARCH_ATTR', 'sAMAccountName')
-AUTH_LDAP_USER_SEARCH = LDAPSearch(
- AUTH_LDAP_USER_SEARCH_BASEDN,
- ldap.SCOPE_SUBTREE,
- "(" + AUTH_LDAP_USER_SEARCH_ATTR + "=%(user)s)"
+AUTH_LDAP_USER_SEARCH_FILTER: str = environ.get(
+ 'AUTH_LDAP_USER_SEARCH_FILTER', f'({AUTH_LDAP_USER_SEARCH_ATTR}=%(user)s)'
)
# This search ought to return all groups to which the user belongs. django_auth_ldap uses this to determine group
# heirarchy.
+
AUTH_LDAP_GROUP_SEARCH_BASEDN = environ.get('AUTH_LDAP_GROUP_SEARCH_BASEDN', '')
AUTH_LDAP_GROUP_SEARCH_CLASS = environ.get('AUTH_LDAP_GROUP_SEARCH_CLASS', 'group')
-AUTH_LDAP_GROUP_SEARCH = LDAPSearch(AUTH_LDAP_GROUP_SEARCH_BASEDN, ldap.SCOPE_SUBTREE,
- "(objectClass=" + AUTH_LDAP_GROUP_SEARCH_CLASS + ")")
+
+AUTH_LDAP_GROUP_SEARCH_FILTER: str = environ.get(
+ 'AUTH_LDAP_GROUP_SEARCH_FILTER', f'(objectclass={AUTH_LDAP_GROUP_SEARCH_CLASS})'
+)
+AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
+ AUTH_LDAP_GROUP_SEARCH_BASEDN, ldap.SCOPE_SUBTREE, AUTH_LDAP_GROUP_SEARCH_FILTER
+)
AUTH_LDAP_GROUP_TYPE = _import_group_type(environ.get('AUTH_LDAP_GROUP_TYPE', 'GroupOfNamesType'))
# Define a group required to login.
From 6f70b88972823a03d1364e5fdae7e156a5b4646d Mon Sep 17 00:00:00 2001
From: Tim Rabl <47297056+timrabl@users.noreply.github.com>
Date: Sat, 28 Jan 2023 00:58:47 +0100
Subject: [PATCH 14/14] squash commits that revert AUTH_LDAP_USER_SEARCH
add missing AUTH_LDAP_USER_SEARCH, removed while modifying....
revert AUTH_LDAP_USER_SEARCH variable that was accidentally removed in #931 and change behaviour to requested features in #471
remove duplicate AUTH_LDAP_USER_SEARCH variable now and fix this finally, hopefully
---
configuration/ldap/ldap_config.py | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/configuration/ldap/ldap_config.py b/configuration/ldap/ldap_config.py
index f5cd50c..82fad72 100644
--- a/configuration/ldap/ldap_config.py
+++ b/configuration/ldap/ldap_config.py
@@ -65,6 +65,10 @@ AUTH_LDAP_USER_SEARCH_FILTER: str = environ.get(
'AUTH_LDAP_USER_SEARCH_FILTER', f'({AUTH_LDAP_USER_SEARCH_ATTR}=%(user)s)'
)
+AUTH_LDAP_USER_SEARCH = LDAPSearch(
+ AUTH_LDAP_USER_SEARCH_BASEDN, ldap.SCOPE_SUBTREE, AUTH_LDAP_USER_SEARCH_FILTER
+)
+
# This search ought to return all groups to which the user belongs. django_auth_ldap uses this to determine group
# heirarchy.