From 3b28ef7680a002742fc2c5223702360f62f82500 Mon Sep 17 00:00:00 2001
From: Tobias Genannt <t.genannt@scanplus.de>
Date: Mon, 5 Jul 2021 12:31:52 +0200
Subject: [PATCH] Load LDAP groups for API token authenticated users

When users are authenticated with an API token not all permissions where
assigned to the session because the LDAP group memberships where not
available.
Now the information is loaded from the directory if the user is found.
If not the local group memberships are used.
---
 netbox/netbox/api/authentication.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/netbox/netbox/api/authentication.py b/netbox/netbox/api/authentication.py
index 1cb32c1e4..76bb0f983 100644
--- a/netbox/netbox/api/authentication.py
+++ b/netbox/netbox/api/authentication.py
@@ -25,6 +25,16 @@ class TokenAuthentication(authentication.TokenAuthentication):
         if not token.user.is_active:
             raise exceptions.AuthenticationFailed("User inactive")
 
+        # When LDAP authentication is active try to load user data from LDAP directory
+        if (settings.REMOTE_AUTH_ENABLED and
+                settings.REMOTE_AUTH_BACKEND == 'netbox.authentication.LDAPBackend'):
+            from netbox.authentication import LDAPBackend
+            ldap_backend = LDAPBackend()
+            user = ldap_backend.populate_user(token.user.username)
+            # If the user is found in the LDAP directory use it, if not fallback to the local user
+            if user:
+                return user, token
+
         return token.user, token