Banno / getsentry-ldap-auth

A Sentry extension to add an LDAP server as an authentication source.
Apache License 2.0

Not able to login with Sentry 20 #52

Open zeqk opened 3 years ago

zeqk commented 3 years ago

Dear getsentry-ldap-auth developers and other users,

I am not able to log in with Sentry 20 with Python 3 (Sentry onpremise version https://github.com/getsentry/onpremise/releases/tag/20.11.1).

The installation is OK, but when I try to log in using the LDAP credentials, I am not able to log in. No log is generated in ldap2.log.

sentry dockerfile (for the installation)

```dockerfile
ARG SENTRY_IMAGE
ARG SENTRY_PYTHON3
FROM ${SENTRY_IMAGE}${SENTRY_PYTHON3:+-py3}

COPY . /usr/src/sentry

# Hook for installing additional plugins
RUN apt-get update && apt-get install -y build-essential libsasl2-dev python-dev libldap2-dev libssl-dev; gcc --version;
RUN pip install python-ldap sentry-ldap-auth
RUN if [ -s /usr/src/sentry/requirements.txt ]; then pip install -r /usr/src/sentry/requirements.txt; fi
```

requirements.txt (for the installation)

```
# Add plugins here
sentry-ldap-auth
```

sentry.conf.py (replacing sentry_ldap_server, sentry_ldap_bind_dn, sentry_ldap_bind_password with my values)

```python
# Imports needed by the settings below
import logging

import ldap
from django_auth_ldap.config import LDAPSearch, GroupOfUniqueNamesType

AUTH_LDAP_SERVER_URI = 'ldap://{{ sentry_ldap_server }}'
AUTH_LDAP_BIND_DN = '{{ sentry_ldap_bind_dn }}'
AUTH_LDAP_BIND_PASSWORD = '{{ sentry_ldap_bind_password }}'

AUTH_LDAP_USER_SEARCH = LDAPSearch(
    'DC=n,DC=local',
    ldap.SCOPE_SUBTREE,
    u"(sAMAccountName=%(user)s)",
)

AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
    '',
    ldap.SCOPE_SUBTREE,
    u'(objectClass=group)'
)

AUTH_LDAP_GROUP_TYPE = GroupOfUniqueNamesType()
AUTH_LDAP_REQUIRE_GROUP = None
AUTH_LDAP_DENY_GROUP = None
AUTH_LDAP_MIRROR_GROUPS = False  # does not work with Sentry

AUTH_LDAP_USER_ATTR_MAP = {
    "username": "sAMAccountName",
    "first_name": u"givenName",
    "last_name": u"sn",
    "email": "mail",
}

AUTH_LDAP_CONNECTION_OPTIONS = {
    ldap.OPT_DEBUG_LEVEL: 0,
    ldap.OPT_REFERRALS: 0,
}

AUTH_LDAP_FIND_GROUP_PERMS = False
AUTH_LDAP_CACHE_GROUPS = False
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600

AUTH_LDAP_DEFAULT_SENTRY_ORGANIZATION = u'Softlab'
AUTH_LDAP_SENTRY_ORGANIZATION_ROLE_TYPE = 'member'
AUTH_LDAP_SENTRY_GROUP_ROLE_MAPPING = {
    'owner': ['S 2093'],
    'admin': ['S 2093'],
    'member': ['S  2093']
}
AUTH_LDAP_SENTRY_ORGANIZATION_GLOBAL_ACCESS = False
AUTH_LDAP_SENTRY_SUBSCRIBE_BY_DEFAULT = False
AUTH_LDAP_DEFAULT_EMAIL_DOMAIN = 'example.com'
# AUTH_LDAP_SENTRY_USERNAME_FIELD = 'sAMAccountName'

# Append the LDAP backend to the backends Sentry already defines
AUTHENTICATION_BACKENDS = AUTHENTICATION_BACKENDS + (
    'sentry_ldap_auth.backend.SentryLdapBackend',
)

# Send django_auth_ldap debug output to stderr and to a file
logger = logging.getLogger('django_auth_ldap')
logger.addHandler(logging.StreamHandler())
logger.addHandler(logging.FileHandler(r"/home/sentry/ldap2.log"))
logger.setLevel('DEBUG')
```

No log is generated in /home/sentry/ldap2.log, and no errors either.

Looks like Sentry is not using SentryLdapBackend at all.

Have you tried this plugin with Sentry 20 with Python 3 (Sentry onpremise version https://github.com/getsentry/onpremise/releases/tag/20.11.1)? Do you have any recommendation?

Thank you very much
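Added example, not part of the original issue or of the sentry-ldap-auth project: a check that separates "the LDAP backend is not in the effective settings" from "the backend is registered but its debug log goes nowhere", the two readings of the symptoms reported above. The function names `ldap_auth_report` and `first_problem` and the sample tuple are assumptions made for illustration; the backend path and logger name are the ones from the posted sentry.conf.py.

```python
import importlib.util
import logging

# Names taken from the sentry.conf.py in the report above.
LDAP_BACKEND = "sentry_ldap_auth.backend.SentryLdapBackend"
LDAP_LOGGER = "django_auth_ldap"


def ldap_auth_report(auth_backends, backend=LDAP_BACKEND, logger_name=LDAP_LOGGER):
    """Collect the facts that decide whether an LDAP login can reach the backend and be logged."""
    backends = list(auth_backends)
    logger = logging.getLogger(logger_name)
    return {
        # Django tries backends in this order; an absent entry is never called.
        "position": backends.index(backend) if backend in backends else None,
        # find_spec() looks the package up in *this* interpreter without importing it.
        "importable": importlib.util.find_spec(backend.split(".")[0]) is not None,
        # False means DEBUG records are dropped before any handler sees them.
        "debug_enabled": logger.isEnabledFor(logging.DEBUG),
        # Files the logger writes to, as seen from inside this process/container.
        "log_files": [h.baseFilename for h in logger.handlers
                      if isinstance(h, logging.FileHandler)],
    }


def first_problem(report):
    """Map a report to the first thing to fix, checked in dependency order."""
    if report["position"] is None:
        return "backend missing from the effective AUTHENTICATION_BACKENDS"
    if not report["importable"]:
        return "backend package not installed for this interpreter"
    if not report["debug_enabled"]:
        return "logger level above DEBUG"
    if not report["log_files"]:
        return "no FileHandler attached to the logger"
    return None


if __name__ == "__main__":
    # Constructed input: a settings tuple in which the LDAP backend was never appended.
    constructed = ("django.contrib.auth.backends.ModelBackend",)
    print(first_problem(ldap_auth_report(constructed)))
```

To check a real deployment, call it from a Python shell that has Sentry's Django settings loaded, passing `django.conf.settings.AUTHENTICATION_BACKENDS` as `auth_backends`.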

pedrofurtado commented 3 years ago

hey everyone! any ideas/help on it? same situation here 👍