|
|
@@ -0,0 +1,110 @@
|
|
|
+# Remote Authentication Settings
|
|
|
+
|
|
|
+The configuration parameters listed here control remote authentication for NetBox. Note that `REMOTE_AUTH_ENABLED` must be true in order for these settings to take effect.
|
|
|
+
|
|
|
+---
|
|
|
+
|
|
|
+## REMOTE_AUTH_AUTO_CREATE_USER
|
|
|
+
|
|
|
+Default: `False`
|
|
|
+
|
|
|
+If true, NetBox will automatically create local accounts for users authenticated via a remote service. (Requires `REMOTE_AUTH_ENABLED`.)
|
|
|
+
|
|
|
+---
|
|
|
+
|
|
|
+## REMOTE_AUTH_BACKEND
|
|
|
+
|
|
|
+Default: `'netbox.authentication.RemoteUserBackend'`
|
|
|
+
|
|
|
+This is the Python path to the custom [Django authentication backend](https://docs.djangoproject.com/en/stable/topics/auth/customizing/) to use for external user authentication. NetBox provides two built-in backends (listed below), though custom authentication backends may also be provided by other packages or plugins.
|
|
|
+
|
|
|
+* `netbox.authentication.RemoteUserBackend`
|
|
|
+* `netbox.authentication.LDAPBackend`
|
|
|
+
|
|
|
+---
|
|
|
+
|
|
|
+## REMOTE_AUTH_DEFAULT_GROUPS
|
|
|
+
|
|
|
+Default: `[]` (Empty list)
|
|
|
+
|
|
|
+The list of groups to assign a new user account when created using remote authentication. (Requires `REMOTE_AUTH_ENABLED`.)
|
|
|
+
|
|
|
+---
|
|
|
+
|
|
|
+## REMOTE_AUTH_DEFAULT_PERMISSIONS
|
|
|
+
|
|
|
+Default: `{}` (Empty dictionary)
|
|
|
+
|
|
|
+A mapping of permissions to assign a new user account when created using remote authentication. Each key in the dictionary should be set to a dictionary of the attributes to be applied to the permission, or `None` to allow all objects. (Requires `REMOTE_AUTH_ENABLED`.)
|
|
|
+
|
|
|
+---
|
|
|
+
|
|
|
+## REMOTE_AUTH_ENABLED
|
|
|
+
|
|
|
+Default: `False`
|
|
|
+
|
|
|
+NetBox can be configured to support remote user authentication by inferring user authentication from an HTTP header set by the HTTP reverse proxy (e.g. nginx or Apache). Set this to `True` to enable this functionality. (Local authentication will still take effect as a fallback.)
|
|
|
+
|
|
|
+---
|
|
|
+
|
|
|
+## REMOTE_AUTH_GROUP_SYNC_ENABLED
|
|
|
+
|
|
|
+Default: `False`
|
|
|
+
|
|
|
+NetBox can be configured to sync remote user groups by inferring user authentication from an HTTP header set by the HTTP reverse proxy (e.g. nginx or Apache). Set this to `True` to enable this functionality. (Local authentication will still take effect as a fallback.) (Requires `REMOTE_AUTH_ENABLED`.)
|
|
|
+
|
|
|
+---
|
|
|
+
|
|
|
+## REMOTE_AUTH_HEADER
|
|
|
+
|
|
|
+Default: `'HTTP_REMOTE_USER'`
|
|
|
+
|
|
|
+When remote user authentication is in use, this is the name of the HTTP header which informs NetBox of the currently authenticated user. For example, to use the request header `X-Remote-User` it needs to be set to `HTTP_X_REMOTE_USER`. (Requires `REMOTE_AUTH_ENABLED`.)
|
|
|
+
|
|
|
+---
|
|
|
+
|
|
|
+## REMOTE_AUTH_GROUP_HEADER
|
|
|
+
|
|
|
+Default: `'HTTP_REMOTE_USER_GROUP'`
|
|
|
+
|
|
|
+When remote user authentication is in use, this is the name of the HTTP header which informs NetBox of the currently authenticated user. For example, to use the request header `X-Remote-User-Groups` it needs to be set to `HTTP_X_REMOTE_USER_GROUPS`. (Requires `REMOTE_AUTH_ENABLED` and `REMOTE_AUTH_GROUP_SYNC_ENABLED` )
|
|
|
+
|
|
|
+---
|
|
|
+
|
|
|
+## REMOTE_AUTH_SUPERUSER_GROUPS
|
|
|
+
|
|
|
+Default: `[]` (Empty list)
|
|
|
+
|
|
|
+The list of groups that promote an remote User to Superuser on Login. If group isn't present on next Login, the Role gets revoked. (Requires `REMOTE_AUTH_ENABLED` and `REMOTE_AUTH_GROUP_SYNC_ENABLED` )
|
|
|
+
|
|
|
+---
|
|
|
+
|
|
|
+## REMOTE_AUTH_SUPERUSERS
|
|
|
+
|
|
|
+Default: `[]` (Empty list)
|
|
|
+
|
|
|
+The list of users that get promoted to Superuser on Login. If user isn't present in list on next Login, the Role gets revoked. (Requires `REMOTE_AUTH_ENABLED` and `REMOTE_AUTH_GROUP_SYNC_ENABLED` )
|
|
|
+
|
|
|
+---
|
|
|
+
|
|
|
+## REMOTE_AUTH_STAFF_GROUPS
|
|
|
+
|
|
|
+Default: `[]` (Empty list)
|
|
|
+
|
|
|
+The list of groups that promote an remote User to Staff on Login. If group isn't present on next Login, the Role gets revoked. (Requires `REMOTE_AUTH_ENABLED` and `REMOTE_AUTH_GROUP_SYNC_ENABLED` )
|
|
|
+
|
|
|
+---
|
|
|
+
|
|
|
+## REMOTE_AUTH_STAFF_USERS
|
|
|
+
|
|
|
+Default: `[]` (Empty list)
|
|
|
+
|
|
|
+The list of users that get promoted to Staff on Login. If user isn't present in list on next Login, the Role gets revoked. (Requires `REMOTE_AUTH_ENABLED` and `REMOTE_AUTH_GROUP_SYNC_ENABLED` )
|
|
|
+
|
|
|
+---
|
|
|
+
|
|
|
+## REMOTE_AUTH_GROUP_SEPARATOR
|
|
|
+
|
|
|
+Default: `|` (Pipe)
|
|
|
+
|
|
|
+The Seperator upon which `REMOTE_AUTH_GROUP_HEADER` gets split into individual Groups. This needs to be coordinated with your authentication Proxy. (Requires `REMOTE_AUTH_ENABLED` and `REMOTE_AUTH_GROUP_SYNC_ENABLED` )
|
jeremystretch