Banno / getsentry-ldap-auth

A Sentry extension to add an LDAP server as an authention source.
Apache License 2.0
163 stars 54 forks source link

Adding an ability to map LDAP groups to respective roles of the organisation #23

Closed creitve closed 5 years ago

creitve commented 7 years ago

Closes #21

Quentin-M commented 6 years ago

@barronhagerman This addresses https://github.com/Banno/getsentry-ldap-auth/issues/21, doesn't it? I would love to have that included.

creitve commented 6 years ago

@barronhagerman Yes, but I'll double check. It worked fine in test environment, I'll just verify that it's been deployed and that we are using it and get back to you then.

agis commented 6 years ago

Any ideas what it would require to get support for team management via LDAP?

For example:

aleksihakli commented 6 years ago

@agis you can write a custom authentication backend that targets Sentry. On login a backend could check the associated groups from the directory via LDAP and modify the necessary teams :) You could add the custom logic to the end of the current authentication backend :)

rgarrigue commented 5 years ago

@barronhagerman will this be merged somewhen ?

creitve commented 5 years ago

@barronhagerman will this be merged somewhen ?

My turn to feel shame, I completely forgot to provide an update. Per prior discussion, this shouldn't be merged as-is since its default behaviour isn't really secure without extra firewalling. Will get back within 2 days.

ananace commented 5 years ago

Any updates on this? Would love to have this feature as well.

aleksihakli commented 5 years ago

The default mapping should be changed from member to something a bit safer IMHO.