Banno / getsentry-ldap-auth

A Sentry extension to add an LDAP server as an authentication source.
Apache License 2.0
163 stars, 53 forks

Has support for Sentry 20/21? #55

Open pedrofurtado opened 3 years ago

balonik commented 3 years ago

works for me with 21.1.0

pedrofurtado commented 3 years ago

@balonik How did you configure it?

pedrofurtado commented 3 years ago

Can you share the steps, @balonik? We tried here, but without success.

balonik commented 3 years ago

@pedrofurtado I did a git clone --depth 1 --branch 21.1.0 https://github.com/getsentry/onpremise.git and then modified the sentry/Dockerfile like this:

ARG SENTRY_IMAGE
ARG SENTRY_PYTHON2
FROM ${SENTRY_IMAGE}${SENTRY_PYTHON2:+-py2}

RUN apt-get update && apt-get install -y gcc libsasl2-dev python-dev libldap2-dev libssl-dev

RUN pip install python-ldap sentry-ldap-auth

COPY . /usr/src/sentry

# Hook for installing additional plugins
RUN if [ -s /usr/src/sentry/requirements.txt ]; then pip install -r /usr/src/sentry/requirements.txt; fi

pedrofurtado commented 3 years ago

Thanks for the help, @balonik!

Was it necessary to change something in sentry/sentry.conf.py to make it work? If so, what configuration did you define? Can you share it (omitting, of course, your credentials)? Anyway, I will do these steps in the Dockerfile first 🤝

Thanks again for your help @balonik!

balonik commented 3 years ago

@pedrofurtado nothing special, I have basically used the example configuration and changed AUTH_LDAP_SERVER_URI, AUTH_LDAP_BIND_* and AUTH_LDAP_*_SEARCH variables to match our LDAP setup.

pedrofurtado commented 3 years ago

hmmm, ok. After all this setup and configuration, every user that you created (or even the existing users) in sentry now is authenticating using ldap, right?

balonik commented 3 years ago

No, in this setup LDAP is only another auth method. There are still the default SSO auth methods and users can still use local users if you don't disable self registration. I suppose you can disable them by modifying the AUTHENTICATION_BACKENDS. I don't know what happens to existing users, didn't test it.

pedrofurtado commented 3 years ago

Strange 🤔 I made the configuration, edited the Dockerfile, rebuilt the docker compose containers, and brought everything up, but users still authenticate without LDAP 😢

I wrote this in sentry.conf.py but no logs appear in the output:

import logging
logger = logging.getLogger('django_auth_ldap')
logger.addHandler(logging.StreamHandler())
logger.addHandler(logging.FileHandler(r"/ldap2.log"))
logger.setLevel('DEBUG')

I don't know why it is not working, and the logs don't show errors or anything else 😕

pedrofurtado commented 3 years ago

@balonik Do you have any suggestions? I am blocked on it 😢

kirik commented 3 years ago

Got it working on 21.6.2. You need to add to sentry/entrypoint.sh (as this version does not include sentry/Dockerfile anymore):

apt-get update
apt-get install libsasl2-dev python-dev libldap2-dev libssl-dev build-essential -y

rrauenza commented 2 years ago

One of the issues I had was I had to ignore certificate errors because the container doesn't have my certs:

import ldap

AUTH_LDAP_CONNECTION_OPTIONS = {
    ldap.OPT_REFERRALS: False,
    ldap.OPT_PROTOCOL_VERSION: 3,
    ldap.OPT_NETWORK_TIMEOUT: 10,
    # Do not verify the LDAP server's certificate
    ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER,
}

AUTH_LDAP_GLOBAL_OPTIONS = {
    ldap.OPT_REFERRALS: False,
    ldap.OPT_PROTOCOL_VERSION: 3,
    ldap.OPT_NETWORK_TIMEOUT: 10,
    # Do not verify the LDAP server's certificate
    ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER,
}

huixisheng commented 2 years ago

vi Dockerfile

FROM getsentry/sentry:21.12.0
# https://www.broadcastify.com/listen/ctid/225
# https://github.com/Banno/getsentry-ldap-auth/issues/55
RUN apt-get update
RUN apt-get install -y libsasl2-dev python-dev libldap2-dev libssl-dev build-essential
RUN apt-get install -y postgresql-client
RUN apt-get clean

docker build -t sentry-ldap-21.12.0 .
docker tag sentry-ldap-21.12.0 harbor.xxx.com/sentry-ldap:21.12.0
docker push harbor.xxx.com/sentry-ldap:21.12.0

vi .env

SENTRY_IMAGE=harbor.xxx.com/sentry-ldap:21.12.0

vi sentry/sentry.conf.py (append at the end)

# ldap
import ldap
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType
AUTH_LDAP_SERVER_URI = 'ldap://your service'
AUTH_LDAP_BIND_DN = 'your config'
AUTH_LDAP_BIND_PASSWORD = 'your password'
AUTH_LDAP_USER_SEARCH = LDAPSearch(
  'ou=xx,dc=xx,dc=cc',
  ldap.SCOPE_SUBTREE,
  '(cn=%(user)s)',
)
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
  'ou=xx,dc=xx,dc=cc',
  ldap.SCOPE_SUBTREE,
  '(objectClass=groupOfNames)'
)

AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()
AUTH_LDAP_REQUIRE_GROUP = None
AUTH_LDAP_DENY_GROUP = None
AUTH_LDAP_USER_ATTR_MAP = {
  'name': 'cn',
  'email': 'cn'
}
AUTH_LDAP_FIND_GROUP_PERMS = True
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600
AUTH_LDAP_DEFAULT_SENTRY_ORGANIZATION = u'Sentry'
AUTH_LDAP_SENTRY_SUBSCRIBE_BY_DEFAULT = True
AUTH_LDAP_SENTRY_GROUP_ROLE_MAPPING = {
  'owner': [],
  'admin': [],
  'member': [],
}
AUTH_LDAP_SENTRY_ORGANIZATION_ROLE_TYPE = 'member'
AUTH_LDAP_SENTRY_ORGANIZATION_GLOBAL_ACCESS = True
AUTH_LDAP_SENTRY_USERNAME_FIELD = 'cn'
AUTHENTICATION_BACKENDS = AUTHENTICATION_BACKENDS + (
  'sentry_ldap_auth.backend.SentryLdapBackend',
)
import logging
logger = logging.getLogger('django_auth_ldap')
logger.addHandler(logging.StreamHandler())
logger.setLevel('DEBUG')
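
Two settings posted in this thread weaken the channel that carries the LDAP bind password: the `ldap://` URI in the configuration above and the `OPT_X_TLS_NEVER` options posted earlier. The following is an added example, not code from any participant or from the project: a small audit that flags both, shown against a hardened variant that trusts a CA file copied into the image. The helper name, host name and CA path are assumptions, and the numeric fallback values are OpenLDAP's option constants.

```python
# Added example: audit the LDAP transport settings of a sentry.conf.py-style dict.
from types import SimpleNamespace

try:
    import ldap  # python-ldap, as installed in the images built in this thread
except ImportError:
    # Assumption: OpenLDAP's numeric option values, so the audit runs without python-ldap.
    ldap = SimpleNamespace(OPT_X_TLS_CACERTFILE=0x6002, OPT_X_TLS_REQUIRE_CERT=0x6006,
                           OPT_X_TLS_NEVER=0, OPT_X_TLS_DEMAND=2, OPT_X_TLS_ALLOW=3)

# Levels at which an invalid server certificate does not stop the session.
WEAK_LEVELS = {ldap.OPT_X_TLS_NEVER: "NEVER", ldap.OPT_X_TLS_ALLOW: "ALLOW"}
OPTION_SETS = ("AUTH_LDAP_GLOBAL_OPTIONS", "AUTH_LDAP_CONNECTION_OPTIONS")


def audit_ldap_transport(conf):
    """Return findings (hypothetical helper) for settings that weaken the LDAP bind channel."""
    findings = []
    uri = conf.get("AUTH_LDAP_SERVER_URI", "").lower()
    if not (uri.startswith("ldaps://") or conf.get("AUTH_LDAP_START_TLS", False)):
        findings.append("cleartext: ldap:// without AUTH_LDAP_START_TLS exposes the bind password")
    for name in OPTION_SETS:
        level = conf.get(name, {}).get(ldap.OPT_X_TLS_REQUIRE_CERT)
        if level in WEAK_LEVELS:
            findings.append("no-verify: %s sets OPT_X_TLS_REQUIRE_CERT to %s"
                            % (name, WEAK_LEVELS[level]))
    return findings


# Constructed from the thread: an ldap:// URI combined with the OPT_X_TLS_NEVER options.
THREAD_CONF = {
    "AUTH_LDAP_SERVER_URI": "ldap://ldap.example.internal",
    "AUTH_LDAP_CONNECTION_OPTIONS": {ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER},
    "AUTH_LDAP_GLOBAL_OPTIONS": {ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER},
}
# Hardened variant: host and CA path are placeholders for a CA file copied into the image.
HARDENED_CONF = {
    "AUTH_LDAP_SERVER_URI": "ldaps://ldap.example.internal",
    "AUTH_LDAP_GLOBAL_OPTIONS": {
        ldap.OPT_X_TLS_CACERTFILE: "/usr/local/share/ca-certificates/ldap-ca.pem",
        ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_DEMAND,
    },
}

if __name__ == "__main__":
    for label, conf in (("thread", THREAD_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_ldap_transport(conf) or "ok")
```

The hardened variant addresses the missing-certificate problem by adding the directory's CA to the container, so verification can stay at `OPT_X_TLS_DEMAND`.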

MrTomek commented 2 years ago

FIX in 22.2.0 (https://github.com/getsentry/self-hosted)

You need to add this to sentry/entrypoint.sh first:

apt-get update
apt-get install -y libpython2.7-dev python-dev libldap2-dev libsasl2-dev gcc

MortezaBashsiz commented 2 years ago

Hi. At the moment, I am using Sentry 22.6.0, and it is not compatible with this version. Is there any update?

Dherlou commented 2 years ago

@MortezaBashsiz There is an active fork of this project at https://github.com/PMExtra/sentry-auth-ldap. This fork is compatible with Sentry 21.9.0 up to the latest version of self-hosted Sentry and the configuration is nearly identical. The new maintainer did a good job reviving this upstream repo.