From bf56d56f86805f29122ad585f4acf4da7fdfde02 Mon Sep 17 00:00:00 2001
From: Jeremy Parker <jparker@squiz.net>
Date: Tue, 23 Feb 2021 10:12:44 +1100
Subject: [PATCH] add REMOTE_AUTH_BACKEND setting for ldap

---
 manifests/config.pp            | 8 ++++++++
 manifests/init.pp              | 1 +
 templates/configuration.py.epp | 5 +++++
 3 files changed, 14 insertions(+)

diff --git a/manifests/config.pp b/manifests/config.pp
index e9ce50e..3ea07ca 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -78,6 +78,12 @@
 #   Enforcement of unique IP space can be toggled on a per-VRF basis. To enforce unique IP space within the global table
 #   (all prefixes and IP addresses not assigned to a VRF), set ENFORCE_GLOBAL_UNIQUE to True.
 #
+# @param include_ldap
+#   Makes sure the packages and the python modules needed for LDAP-authentication are installed and loaded.
+#   The LDAP-config itself is not handled by this Puppet module at present.
+#   Use the documentation found here: https://netbox.readthedocs.io/en/stable/installation/5-ldap/ for information about
+#   the config file.
+#
 # @param login_required
 #   Setting this to True will permit only authenticated users to access any part of NetBox. By default, anonymous users
 #   are permitted to access most data in NetBox (excluding secrets) but not make any changes.
@@ -155,6 +161,7 @@
   String $base_path,
   Boolean $debug,
   Boolean $enforce_global_unique,
+  Boolean $include_ldap,
   Boolean $login_required,
   Boolean $metrics_enabled,
   Boolean $prefer_ipv4,
@@ -212,6 +219,7 @@
       'base_path'               => $base_path,
       'debug'                   => $debug,
       'enforce_global_unique'   => $enforce_global_unique,
+      'include_ldap'            => $include_ldap,
       'exempt_view_permissions' => $exempt_view_permissions,
       'login_required'          => $login_required,
       'metrics_enabled'         => $metrics_enabled,
diff --git a/manifests/init.pp b/manifests/init.pp
index 633c5c7..e870245 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -367,6 +367,7 @@
     base_path               => $base_path,
     debug                   => $debug,
     enforce_global_unique   => $enforce_global_unique,
+    include_ldap            => $include_ldap,
     login_required          => $login_required,
     metrics_enabled         => $metrics_enabled,
     prefer_ipv4             => $prefer_ipv4,
diff --git a/templates/configuration.py.epp b/templates/configuration.py.epp
index dbf3c47..f7fbf8a 100644
--- a/templates/configuration.py.epp
+++ b/templates/configuration.py.epp
@@ -16,6 +16,7 @@
   Array $admins,
   Boolean $debug,
   Boolean $enforce_global_unique,
+  Boolean $include_ldap,
   Boolean $login_required,
   Boolean $metrics_enabled,
   Boolean $prefer_ipv4,
@@ -55,6 +56,10 @@ DATABASE = {
     'CONN_MAX_AGE': <%=$database_conn_max_age%>,      # Max database connection age
 }
 
+<% if $include_ldap { -%>
+REMOTE_AUTH_BACKEND = 'netbox.authentication.LDAPBackend'
+<% } -%>
+
 # Redis database settings. The Redis database is used for caching and background processing such as webhooks
 # Seperate sections for webhooks and caching allow for connecting to seperate Redis instances/datbases if desired.
 # Full connection details are required in both sections, even if they are the same.