---
# Secret containing LDAP bind password
# stringData is written here in plain text; the API server stores it base64-encoded
# (not encrypted unless encryption at rest is configured), so anyone allowed to
# read Secrets in this namespace can recover it. Replace the placeholder before
# applying and keep the real value out of version control (e.g. supply this
# Secret from a secret manager rather than from this file).
apiVersion: v1
kind: Secret
metadata:
  # Referenced by spec.netbox.config.auth.ldap.bindPassword.name in the
  # NetBoxEnterprise resource below; that reference carries no namespace field,
  # so the Secret is presumably resolved in the resource's own namespace.
  name: netbox-ldap-ad-secret
  # A dedicated namespace (rather than default) makes it easier to scope RBAC
  # so that only the operator and NetBox pods can read this Secret.
  namespace: default
type: Opaque
stringData:
  # LDAP service account bind password
  # Key name must match bindPassword.key in the NetBoxEnterprise resource below.
  # Placeholder value - must be replaced; this is the credential the NetBox pods
  # use for every directory lookup.
  password: "YourSecurePasswordHere"

---
# NetBoxEnterprise with Active Directory LDAP authentication
# Every DN and host name below uses example.com placeholders and must be adjusted
# to the target directory before this manifest is applied.
apiVersion: netboxlabs.com/v1alpha1
kind: NetBoxEnterprise
metadata:
  name: netbox-ldap-ad
  # Must be the namespace holding the bind-password Secret; a dedicated namespace
  # (rather than default) keeps RBAC on that Secret easy to scope.
  namespace: default
spec:
  imagePullPolicy: IfNotPresent
  netbox:
    replicas: 1
    image:
      pullPolicy: IfNotPresent
    config:
      auth:
        # Auto-create users on first login (default: true)
        # With this enabled, who obtains a NetBox account is effectively decided by
        # the directory (a successful bind plus requireGroupDn below), not by NetBox.
        autoCreateUser: true

        # LDAP authentication configuration for Active Directory
        ldap:
          # LDAP server URI - use ldaps:// for SSL/TLS
          # Can specify multiple servers: "ldaps://dc1.example.com:636 ldaps://dc2.example.com:636"
          # A plain ldap:// URI would send the bind password and every user's
          # password in clear text; keep ldaps:// and make sure the server
          # certificate chains to a CA trusted inside the NetBox pods, since
          # ignoreCertErrors is false below.
          serverUri: "ldaps://ad.example.com:636"

          # Service account distinguished name for LDAP bind
          # Should be a read-only account limited to the user and group subtrees
          # searched below; nothing in this configuration needs write access.
          bindDn: "CN=NetBox Service,OU=Service Accounts,DC=example,DC=com"

          # Reference to secret containing bind password
          # name/key must match the Secret defined above; the password itself is
          # never placed in this resource.
          bindPassword:
            name: netbox-ldap-ad-secret
            key: password

          # Ignore certificate errors (default: false)
          # Set to true only for testing with self-signed certificates
          # When true, anyone on the network path can present an arbitrary
          # certificate, capture the bind password and user credentials, and
          # answer group queries (including isSuperuserDn) as they choose.
          # For lab self-signed certificates prefer trusting that specific
          # certificate over disabling verification.
          ignoreCertErrors: false

          # LDAP connection options as Python dict
          # Default prevents following LDAP referrals
          # NOTE(review): this string is presumably evaluated as Python by the
          # consumer - treat it as code and only set values from trusted sources.
          # Not chasing referrals also avoids the client connecting (and possibly
          # re-binding) to other hosts named by the directory.
          connectionOptions: "{ ldap.OPT_REFERRALS: 0 }"

          # Cache timeout in seconds (default: 300)
          # Set to 0 for testing, 300+ for production
          # NOTE(review): presumably caches LDAP lookup results, so a user removed
          # from a group (e.g. requireGroupDn) may keep that access for up to this
          # many seconds - confirm against the operator documentation.
          cacheTimeout: 300

          # User search configuration
          userSearch:
            # LDAP attribute containing username
            # Active Directory typically uses sAMAccountName
            searchAttr: "sAMAccountName"

            # Base DN for user searches
            # Adjust to match your AD structure
            # Only accounts under this base can authenticate; keep it as narrow as
            # the directory layout allows.
            searchBaseDn: "CN=Users,DC=example,DC=com"

            # Search scope (default: "subtree")
            # Options: "subtree" (search all descendants), "onelevel" (direct children), "base" (base DN only)
            searchScope: "subtree"

            # Optional: Custom search filter template
            # Use %(user)s as username placeholder
            # If not specified, defaults to "(sAMAccountName=%(user)s)"
            # A custom filter must still match exactly one entry per login name;
            # a broader filter risks mapping a login name to a different account.
            # searchFilter: "(sAMAccountName=%(user)s)"

          # Group configuration
          groups:
            # Type of LDAP group structure
            # Active Directory uses nested groups with memberOf attribute
            # Options: "nestedGroupOfNames", "activeDirectoryGroup", "nestedActiveDirectoryGroup",
            #          "posixGroup", "groupOfNames", "groupOfUniqueNames"
            # NOTE(review): the comment above refers to memberOf, but the value
            # chosen is nestedGroupOfNames rather than the listed
            # nestedActiveDirectoryGroup; confirm which type the operator expects
            # for AD. A nested* type is presumably required for membership in the
            # DNs below to resolve through intermediate groups.
            groupType: "nestedGroupOfNames"

            # Base DN for group searches
            # requireGroupDn, isAdminDn and isSuperuserDn below all sit under this
            # base; groups outside it are presumably not evaluated.
            searchBaseDn: "CN=Users,DC=example,DC=com"

            # Enable group-based access control (default: true)
            # Checks user's group memberships for permissions
            findGroupPerms: true

            # Auto-create NetBox groups matching LDAP groups (default: true)
            # NetBox groups will be created to match user's LDAP group memberships
            # Anyone who can add members to an AD group under searchBaseDn can thus
            # grant whatever NetBox permissions are attached to the mirrored group.
            mirrorGroups: true

            # Optional: Required group DN for login access
            # Users must be members of this group to log in
            # Together with autoCreateUser this is the only gate on who receives a
            # NetBox account; do not remove it without another control in place.
            requireGroupDn: "CN=NetBox Users,CN=Users,DC=example,DC=com"

            # Optional: Group DN for staff/admin status
            # Members of this group can access the NetBox admin interface
            isAdminDn: "CN=NetBox Admins,CN=Users,DC=example,DC=com"

            # Optional: Group DN for superuser status
            # Members of this group have all permissions and unrestricted access
            # Superuser bypasses every NetBox permission check, so membership of
            # this AD group equals full administrative control of NetBox; restrict
            # who may modify it in the directory and audit its membership.
            # NOTE(review): status changes presumably take effect on the user's
            # next login (subject to cacheTimeout) - confirm.
            isSuperuserDn: "CN=NetBox Superusers,CN=Users,DC=example,DC=com"

    worker:
      replicas: 1

  # Diode configuration (optional)
  diode:
    enabled: false

  # PostgreSQL configuration (operator-managed)
  # external: false leaves provisioning of the database to the operator.
  postgresql:
    external: false

  # Redis configuration (operator-managed)
  # external: false leaves provisioning of Redis to the operator.
  redis:
    external: false
