Send netdisco-users mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sourceforge.net/lists/listinfo/netdisco-users
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of netdisco-users digest..."
Today's Topics:
1. Re: Adding users to Netdisco via script for database
(Oliver Gorwits)
--- Begin Message ---
Hi Michael
As you worked out, it's just a matter of developer time, energy, and
interest, and I guess we like implementing other features more, and this
isn't an itch to scratch. Patches welcome! (seriously, I am happy to work
on pull requests with people, or give github commit bits)
More practically, the no_auth config setting is really the workaround
solution here. Turn that on, and put Netdisco behind apache or your f5 or
whatever, and get that to do the authN instead and reverse proxy through.
(and if we did implement something more like LDAP filter matching, we'd
also need to map that authN to a set of roles in the system so that we can
still have port control, admin, etc for users)
regards,
oliver
On Fri, 25 Jan 2019 at 22:19, Michael Butash <[email protected]> wrote:
> Is there a reason that netdisco can't simply pass an authentication
> attempt to ldap when configured, run a ldap filter match for security group
> CN for RW/RO authorization, and permit as a ND role vs. needing the user
> added and permissions set directly to the db persistently? Having setup ND
> and other multi-user applications over the years, it's always frustrating
> when their tacacs, radius, ldap, or any extensible auth implementation
> still requires a user manually added first. Seems adding a group filter
> match to remove the need to keep dynamic users and priv level (none, ro,
> rw) at all shouldn't require too much work.
>
> If we had to manually add a user to every router/switch for a given user
> coming or going even with tacacs/radius, we'd be lining up with pitchforks
> and torches as engineers at the vendors, so why that here with ND?
>
> Sort of defeats the whole point of doing extensible AAA IMHO, or at least
> only gives half the necessary function. Beggars (and non-coding types like
> me) can't be choosers, but would be nice that requirement removed to
> pre-add users, and sounds like others would appreciate a better
> authorization and privilege level methodology as well.
>
> -mb
>
>
> On Thu, Jan 24, 2019 at 6:30 AM Oliver Gorwits <[email protected]> wrote:
>
>> Hi Gustaf and Michael
>>
>> I guess we can combine the two ... load users into Netdisco's DB that are
>> preconfigured for LDAP access and for various user roles.
>>
>> The best way right now is using direct SQL as we don't have an API
>> endpoint for this or a netdisco-do subcommand (action) written.
>>
>> Something like:
>> https://nopaste.xyz/?050395c68956a89f#f6aop4tgtlX50FdT6XnReYhkkIhQXWqBUAjrCFcNqw0=
>>
>> Change the true/false values to your taste.
>>
>> hope that helps,
>>
>> regards,
>> oliver.
>>
>> On Thu, 24 Jan 2019 at 07:11, Ankarloo, Gustaf <[email protected]>
>> wrote:
>>
>>> Why not use the LDAP integration?
>>>
>>> *https://github.com/netdisco/netdisco/wiki/Configuration#ldap
>>> <https://github.com/netdisco/netdisco/wiki/Configuration#ldap>*
>>>
>>>
>>>
>>>
>>> *Med vänlig hälsning Gustaf*
>>>
>>> *Gustaf Ankarloo *| Technical Specialist
>>>
>>> Dedicated Infrastructure Services South
>>>
>>> GIS Scandinavia | *CGI* Sweden
>>> Grafiska vägen 22, 400 20 Göteborg | Sweden
>>> T: +46 31 761 14 57| M: +46 705 67 14 57
>>> [email protected] | www.cgi.se <http://www.logica.se/>
>>>
>>> [image: Beskrivning: x10sctmp11]
>>>
>>>
>>> CONFIDENTIALITY NOTICE: Proprietary/Confidential Information belonging
>>> to CGI Group Inc. and its affiliates may be contained in this message. If
>>> you are not a recipient indicated or intended in this message (or
>>> responsible for delivery of this message to such person), or you think for
>>> any reason that this message may have been addressed to you in error, you
>>> may not use or copy or deliver this message to anyone else. In such case,
>>> you should destroy this message and are asked to notify the sender by reply
>>> e-mail.
>>>
>>>
>>>
>>> *From:* Michael Dano <[email protected]>
>>> *Sent:* Wednesday, 23 January, 2019 21:29
>>> *To:* [email protected]
>>> *Subject:* [Netdisco] Adding users to Netdisco via script for database
>>>
>>>
>>>
>>> We are attempting to come up with a way to automatically add and remove
>>> users on our Netdisco system. We currently have a script that will allow us
>>> to pull a list of users from our AD system and add them as users on our
>>> Ubuntu servers. We would like to modify this script to automatically add
>>> users into the netdisco database to give them access based one the AD
>>> groups they belong too. Our issue is we are not quite sure what tables we
>>> would need to add users in. We also want to know if the same table is the
>>> one that would give them user or admin access, since some IT users would
>>> need different levels access.
>>>
>>>
>>>
>>> Any assistance or direction on this would be greatly appreciated.
>>>
>>> *Mike Dano*
>>>
>>> *Infrastructure Administrator, *
>>>
>>> *Infrastructure Security & Support*
>>>
>>> Baker College System
>>>
>>> O: 810-766-4120| M: 810-650-0947
>>>
>>>
>>> _______________________________________________
>>> Netdisco mailing list
>>> [email protected]
>>> https://sourceforge.net/p/netdisco/mailman/netdisco-users/
>>
>> _______________________________________________
>> Netdisco mailing list
>> [email protected]
>> https://sourceforge.net/p/netdisco/mailman/netdisco-users/
>
> _______________________________________________
> Netdisco mailing list
> [email protected]
> https://sourceforge.net/p/netdisco/mailman/netdisco-users/
--- End Message ---
_______________________________________________
Netdisco mailing list - Digest Mode
[email protected]
https://lists.sourceforge.net/lists/listinfo/netdisco-users
