Banno / getsentry-ldap-auth

A Sentry extension to add an LDAP server as an authentication source.
Apache License 2.0

Users not getting added to organization after log in #43

Open nikhileshva opened 4 years ago

nikhileshva commented 4 years ago

From the logs, I can see that authentication is successful; but the user is not added to any organization.

This is the log:

    sentry 18:12:24 [DEBUG] django_auth_ldap: search_s('ou=users,dc=company,dc=net', 2, '(uid=%(user)s)') returned 1 objects: uid=myuserid,ou=users,dc=company,dc=net (request_id=u'cfcd0ea7-ad83-4c38-94c1-49f75bce07cd')
    sentry 18:12:24 [DEBUG] django_auth_ldap: search_s('ou=users,dc=company,dc=net', 2, '(uid=%(user)s)') returned 1 objects: uid=myuserid,ou=users,dc=company,dc=net (request_id=u'cfcd0ea7-ad83-4c38-94c1-49f75bce07cd')
    sentry 18:12:24 [DEBUG] django_auth_ldap: Populating Django user myuserid (request_id=u'cfcd0ea7-ad83-4c38-94c1-49f75bce07cd')
    sentry 18:12:24 [DEBUG] django_auth_ldap: Populating Django user myuserid (request_id=u'cfcd0ea7-ad83-4c38-94c1-49f75bce07cd')
    sentry 18:12:24 [WARNING] django_auth_ldap: uid=myuserid,ou=users,dc=company,dc=net does not have a value for the attribute user (request_id=u'cfcd0ea7-ad83-4c38-94c1-49f75bce07cd')
    sentry 18:12:24 [WARNING] django_auth_ldap: uid=myuserid,ou=users,dc=company,dc=net does not have a value for the attribute user (request_id=u'cfcd0ea7-ad83-4c38-94c1-49f75bce07cd')
    sentry 18:12:24 [INFO] sentry.auth: user.auth.success (username=u'myuserid' organization_id=1L request_id=u'cfcd0ea7-ad83-4c38-94c1-49f75bce07cd' ip_address=u'ip.add.re.ss')
    sentry 10.4.82.9 - - [17/Dec/2019:18:12:24 +0000] "POST /auth/login/sentry/ HTTP/1.1" 302 1001 "https://sentry.company.net/auth/login/sentry/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
    sentry 18:12:24 [INFO] sentry.web.frontend.base: User is not a member of any organizations (request_id=u'53dd66a0-0087-4966-9ea2-d87acc7c9247')

Env variables set

    LDAP_DEFAULT_SENTRY_ORGANIZATION=u'Sentry'
    AUTH_LDAP_SENTRY_ORGANIZATION_ROLE_TYPE = 'member'
    AUTH_LDAP_SENTRY_SUBSCRIBE_BY_DEFAULT = True
    AUTH_LDAP_SENTRY_ORGANIZATION_GLOBAL_ACCESS = True

Authentication backend is also correct:

    AUTHENTICATION_BACKENDS = AUTHENTICATION_BACKENDS + (
        'sentry_ldap_auth.backend.SentryLdapBackend',
    )

I'm not sure if there's some issue with my configurations or it doesn't work in general.

MrGreenTea commented 4 years ago

You should take a look at

    LDAP_DEFAULT_SENTRY_ORGANIZATION = u'Sentry'

It might be that the name is incorrect. It's matched case-sensitive, so it might be that.

If you're using docker-compose you can test with

    docker-compose run --rm web shell
    >>> from django.conf import settings
    >>> from sentry.models import Organization
    >>> Organization.objects.filter(name=settings.AUTH_LDAP_DEFAULT_SENTRY_ORGANIZATION)

If it shows an empty list, try different values for name. When you manage to find the correct value, change it to that in your config.
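
An offline version of the check described above, as an added example that is not part of the original comment or the project's code. It assumes the backend reads `AUTH_LDAP_DEFAULT_SENTRY_ORGANIZATION` (the name used in the shell snippet) and compares it to the organization name exactly; `check_default_org`, its finding codes and the sample data are hypothetical.

```python
# Added example, not code from getsentry-ldap-auth. Runs offline on constructed data.
# Assumption: the backend reads the setting under the name used in the shell check
# above and matches it against Organization.name exactly (case-sensitive).
EXPECTED_KEY = "AUTH_LDAP_DEFAULT_SENTRY_ORGANIZATION"


def check_default_org(settings, organizations):
    """Explain why the default-organization setting may not resolve.

    settings: dict of setting name -> value (hypothetical snapshot of the config).
    organizations: list of (name, slug) pairs, e.g. collected in the Sentry shell
    with Organization.objects.values_list("name", "slug").
    Returns a list of (code, detail) findings; an empty list means one exact match.
    """
    if EXPECTED_KEY not in settings:
        # A value stored under a similar key is never looked up.
        near = sorted(k for k in settings if k.endswith("DEFAULT_SENTRY_ORGANIZATION"))
        if near:
            return [("wrong-key", "%s is set, but %s is not" % (near[0], EXPECTED_KEY))]
        return [("unset", "%s is not defined" % EXPECTED_KEY)]

    wanted = settings[EXPECTED_KEY]
    exact = [name for name, _ in organizations if name == wanted]
    if len(exact) == 1:
        return []
    if len(exact) > 1:
        return [("ambiguous", "%d organizations are named %r" % (len(exact), wanted))]

    findings = []
    for name, slug in organizations:
        if name.lower() == wanted.lower():
            findings.append(("case-mismatch", "configured %r, organization is named %r" % (wanted, name)))
        elif slug == wanted:
            findings.append(("slug-not-name", "%r is the slug of %r" % (wanted, name)))
    return findings or [("no-such-org", "no organization named %r" % wanted)]


# Constructed inputs modelled on the values quoted in this thread.
ORGS = [("Sentry", "sentry")]
CASES = {
    "key without AUTH_ prefix": {"LDAP_DEFAULT_SENTRY_ORGANIZATION": "Sentry"},
    "lower-case value": {EXPECTED_KEY: "sentry"},
    "exact name": {EXPECTED_KEY: "Sentry"},
}

if __name__ == "__main__":
    for label, cfg in CASES.items():
        print(label, "->", check_default_org(cfg, ORGS) or "ok")
```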

Badrmoh commented 4 years ago

I have the same problem. I checked @MrGreenTea's suggestion, but no luck. In the logs it gives me the corresponding organization_id, but the user is still not added. What is even weirder is that organization_id is correct after checking in the database! Does anyone have a suggestion?

    sentry-web | 15:35:35 [DEBUG] django_auth_ldap: search_s('cn=badr ibrahim,ou=internal,ou=user,ou=organization,dc=organization,dc=local', 0, '(objectClass=*)') returned 1 objects: cn=badr ibrahim,ou=internal,ou=user,ou=organization,dc=organization,dc=local
    sentry-web | 15:35:35 [INFO] sentry.auth: user.auth.success (username=u'badr.ibrahim' organization_id=1L ip_address=u'172.24.0.23')
    sentry-web | 16:38:10 [INFO] sentry.web.frontend.base: User is not a member of any organizations

Organization configurations are:

    AUTH_LDAP_DEFAULT_SENTRY_ORGANIZATION = u'sentry'
    AUTH_LDAP_SENTRY_ORGANIZATION_ROLE_TYPE = 'member'
    AUTH_LDAP_SENTRY_ORGANIZATION_GLOBAL_ACCESS = True
    AUTH_LDAP_SENTRY_SUBSCRIBE_BY_DEFAULT = True

I have tried with both 'sentry' and 'Sentry', but neither works. Also, I tested whether the organization exists:

    >>> from django.conf import settings
    >>> from sentry.models import Organization
    >>> Organization.objects.filter(name=settings.AUTH_LDAP_DEFAULT_SENTRY_ORGANIZATION)
    <BaseQuerySet [<Organization at 0x7f29506156d0: id=1L, owner_id=None, name=u'Sentry', slug=u'sentry'>]>
    >>>

andialbrecht commented 4 years ago

We've had the same problem. In our case the issue was that we also had "django-auth-ldap" and "python-ldap" in our requirements.txt. After removing those requirements and doing a clean setup of the Python environment it worked. Maybe it's because of the new major version (2.x) of django-auth-ldap that gets installed when you have it in your requirements.txt?