Add 2 AD groups to LDAP config file #18794
srilaxmiwas
asked this question in
Help Wanted!
Hi,
Can anyone help me set up two AD groups in the NetBox LDAP config file? One AD group needs superuser access and the other AD group needs read-only access.
1st AD group name: Netbox Admins
2nd AD group name: Netbox Users
Members of NetBox Admins are able to log in to NetBox, but members of NetBox Users are not.
LDAP config file (`ldap_config.py`; note that the `#` comment markers were lost when the file was pasted):
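import ldap

# Server URI
# NOTE(review): a plain ldap:// URI sends the service-account bind password and
# every user's login password over the network in cleartext. Use ldaps://<host>
# (port 636) or set AUTH_LDAP_START_TLS = True so the session is encrypted
# before any bind happens.
AUTH_LDAP_SERVER_URI = "ldap://XXXXXXX"

# The following may be needed if you are binding to Active Directory.
AUTH_LDAP_CONNECTION_OPTIONS = {
    ldap.OPT_REFERRALS: 0
}

# Set the DN and password for the NetBox service account.
# NOTE(review): this account only needs *read* access to the user and group OUs
# searched below. If "CN=admins" is a privileged directory account, bind with a
# dedicated low-privilege service account instead, and keep the password out of
# version control (for example, read it from the environment).
AUTH_LDAP_BIND_DN = "CN=admins,OU=CEF,OU=group_Accounts,OU=Accounts,DC=example,DC=com"
AUTH_LDAP_BIND_PASSWORD = "XXXXXXX"

# Include this setting if you want to ignore certificate errors. This might be needed to accept a self-signed cert.
# Note that this is a NetBox-specific setting which sets:
#     ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
# NOTE(review): with verification disabled, anyone on the network path can
# impersonate the directory and collect credentials. Once TLS is in use, trust
# the server's CA instead (ldap.OPT_X_TLS_CACERTFILE in the connection
# options) and set this to False. With the ldap:// URI above this setting
# currently has no effect at all.
LDAP_IGNORE_CERT_ERRORS = True

from django_auth_ldap.config import LDAPSearch, NestedGroupOfNamesType, GroupOfNamesType, LDAPGroupQuery

# Group DNs are defined once and reused below. The original file spelled the
# same OU as both "OU=teams" and "OU=Teams" in different places; a single
# definition removes that class of mismatch.
# NETBOX_GROUP_BASE is the common parent of OU=ABC and OU=CEF.
NETBOX_GROUP_BASE = "OU=Teams,OU=Team_Groups,DC=example,DC=com"
NETBOX_ADMINS_DN = "CN=NetBox Admins,OU=CEF," + NETBOX_GROUP_BASE
NETBOX_USERS_DN = "CN=Netbox Users,OU=ABC," + NETBOX_GROUP_BASE

# This search matches users with the sAMAccountName equal to the provided username. This is required if the user's
# username is not in their DN (Active Directory).
# NOTE(review): a member of "Netbox Users" whose account is not under
# OU=Teams,OU=Accounts is never found by this search and therefore cannot log
# in, whatever groups they belong to. Widen the base if their accounts live in
# another OU (the debug log below shows whether the user search returned a DN).
AUTH_LDAP_USER_SEARCH = LDAPSearch("OU=Teams,OU=Accounts,DC=example,DC=com", ldap.SCOPE_SUBTREE, "(sAMAccountName=%(user)s)")

# If a user's DN is producible from their username, we don't need to search.
#AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,ou=users,dc=domain,dc=local"

# You can map user attributes to Django attributes as so.
AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail"
}

#from django_auth_ldap.config import LDAPSearch, NestedGroupOfNamesType

# This search ought to return all groups to which the user belongs. django_auth_ldap uses this to determine group
# hierarchy.
# The original base was OU=ABC,OU=Teams,OU=Team_Groups, which cannot contain
# the Admins group (it sits under OU=CEF). The base now covers both OUs; if the
# pasted DNs were anonymised, confirm that both groups really live under it.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(NETBOX_GROUP_BASE, ldap.SCOPE_SUBTREE, "(objectClass=group)")
AUTH_LDAP_GROUP_TYPE = NestedGroupOfNamesType()

# Mirror LDAP group assignments.
AUTH_LDAP_MIRROR_GROUPS = True

# Define a group required to login.
AUTH_LDAP_REQUIRE_GROUP = (
    LDAPGroupQuery(NETBOX_USERS_DN)
    | LDAPGroupQuery(NETBOX_ADMINS_DN)
)

# Flags by group. Only the Admins group gets is_superuser and is_staff.
# "Netbox Users" are deliberately plain active users: is_staff exposes the
# Django admin UI, which a group meant to be read-only should never see.
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
    "is_superuser": NETBOX_ADMINS_DN,
    "is_staff": NETBOX_ADMINS_DN,
    "is_active": (
        LDAPGroupQuery(NETBOX_USERS_DN)
        | LDAPGroupQuery(NETBOX_ADMINS_DN)
    ),
}

# For more granular permissions, we can map LDAP groups to Django groups.
# Read-only access for "Netbox Users": NetBox has no read-only flag. With
# AUTH_LDAP_MIRROR_GROUPS a Django group named after the LDAP group's CN
# ("Netbox Users") is created on login, and AUTH_LDAP_FIND_GROUP_PERMS applies
# whatever permissions that Django group holds. Assign that group a NetBox
# object permission whose only action is "view" and leave it out of every other
# permission; members then get read-only access.
AUTH_LDAP_FIND_GROUP_PERMS = True

# Cache groups for one hour to reduce LDAP traffic
# (the original value was 1, i.e. one second, which defeats the stated intent).
# AUTH_LDAP_CACHE_GROUPS is a legacy switch; AUTH_LDAP_CACHE_TIMEOUT is the
# value current django-auth-ldap releases read.
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_CACHE_TIMEOUT = 3600

AUTHENTICATION_BACKENDS = (
    'django_auth_ldap.backend.LDAPBackend',
    'django.contrib.auth.backends.ModelBackend',
)

# Debug logging for django_auth_ldap. This is the right tool for the
# "Netbox Users cannot log in" problem: it shows which searches ran, which DN
# (if any) the user search returned and which group check failed. Drop the
# level to WARNING once resolved — DEBUG output can include DNs and attribute
# values — and keep the log file readable only by the NetBox service user.
import logging, logging.handlers
logfile = "/data/netbox/logs/django-ldap-debug.log"
my_logger = logging.getLogger('django_auth_ldap')
my_logger.setLevel(logging.DEBUG)
handler = logging.handlers.RotatingFileHandler(
    logfile, maxBytes=1024 * 500, backupCount=5)
my_logger.addHandler(handler)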
Thanks