Load LDAP groups for API token authenticated users

When users are authenticated with an API token not all permissions where assigned to the session because the LDAP group memberships where not available. Now the information is loaded from the directory if the user is found. If not the local group memberships are used.
2024-05-10 07:54:54 +00:00 · 2021-07-05 12:31:52 +02:00
parent 4abfa6231c
commit a3d40e3521
1 changed files with 10 additions and 0 deletions
--- a/netbox/netbox/api/authentication.py
+++ b/netbox/netbox/api/authentication.py
@ -25,6 +25,16 @@ class TokenAuthentication(authentication.TokenAuthentication):
        if not token.user.is_active:
            raise exceptions.AuthenticationFailed("User inactive")

+        # When LDAP authentication is active try to load user data from LDAP directory
+        if (settings.REMOTE_AUTH_ENABLED and
+                settings.REMOTE_AUTH_BACKEND == 'netbox.authentication.LDAPBackend'):
+            from netbox.authentication import LDAPBackend
+            ldap_backend = LDAPBackend()
+            user = ldap_backend.populate_user(token.user.username)
+            # If the user is found in the LDAP directory use it, if not fallback to the local user
+            if user:
+                return user, token
+
        return token.user, token