Banno / getsentry-ldap-auth

A Sentry extension to add an LDAP server as an authentication source.
Apache License 2.0

'User' object has no attribute 'groups' #58

Closed switchtower closed 3 years ago

switchtower commented 3 years ago

Following the example configuration and the configuration in the README, I'm getting the following error:

I'm running the latest version of Sentry

127.0.0.1 - - [17/Sep/2021:18:55:34 +0000] "POST /auth/login/sentry/ HTTP/1.0" 200 12233 "http://sentry.<redacted>.com/auth/login/sentry/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:92.0) Gecko/20100101 Firefox/92.0"
Traceback (most recent call last):
  File "/home/sentry/sentry/lib/python3.6/site-packages/django/core/handlers/exception.py", line 34, in inner
    response = get_response(request)
  File "/home/sentry/sentry/lib/python3.6/site-packages/django/core/handlers/base.py", line 115, in _get_response
    response = self.process_exception_by_middleware(e, request)
  File "/home/sentry/sentry/lib/python3.6/site-packages/django/core/handlers/base.py", line 113, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/home/sentry/sentry/lib/python3.6/site-packages/sentry/../sentry_sdk/integrations/django/views.py", line 67, in sentry_wrapped_callback
    return callback(request, *args, **kwargs)
  File "/home/sentry/sentry/lib/python3.6/site-packages/django/views/generic/base.py", line 71, in view
    return self.dispatch(request, *args, **kwargs)
  File "/home/sentry/sentry/lib/python3.6/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
    return view_func(*args, **kwargs)
  File "/home/sentry/sentry/lib/python3.6/site-packages/sentry/web/frontend/base.py", line 228, in dispatch
    return self.handle(request, *args, **kwargs)
  File "/home/sentry/sentry/lib/python3.6/site-packages/django/views/decorators/cache.py", line 44, in _wrapped_view_func
    response = view_func(request, *args, **kwargs)
  File "/usr/lib64/python3.6/contextlib.py", line 52, in inner
    return func(*args, **kwds)
  File "/home/sentry/sentry/lib/python3.6/site-packages/sentry/web/frontend/auth_organization_login.py", line 68, in handle
    response = self.handle_basic_auth(request, organization=organization)
  File "/home/sentry/sentry/lib/python3.6/site-packages/sentry/web/frontend/auth_login.py", line 199, in handle_basic_auth
    elif login_form.is_valid():
  File "/home/sentry/sentry/lib/python3.6/site-packages/django/forms/forms.py", line 185, in is_valid
    return self.is_bound and not self.errors
  File "/home/sentry/sentry/lib/python3.6/site-packages/django/forms/forms.py", line 180, in errors
    self.full_clean()
  File "/home/sentry/sentry/lib/python3.6/site-packages/django/forms/forms.py", line 382, in full_clean
    self._clean_form()
  File "/home/sentry/sentry/lib/python3.6/site-packages/django/forms/forms.py", line 409, in _clean_form
    cleaned_data = self.clean()
  File "/home/sentry/sentry/lib/python3.6/site-packages/sentry/web/forms/accounts.py", line 129, in clean
    self.user_cache = authenticate(username=username, password=password)
  File "/home/sentry/sentry/lib/python3.6/site-packages/django/contrib/auth/__init__.py", line 73, in authenticate
    user = backend.authenticate(request, **credentials)
  File "/home/sentry/sentry/lib/python3.6/site-packages/django_auth_ldap/backend.py", line 150, in authenticate
    user = self.authenticate_ldap_user(ldap_user, password)
  File "/home/sentry/sentry/lib/python3.6/site-packages/django_auth_ldap/backend.py", line 210, in authenticate_ldap_user
    return ldap_user.authenticate(password)
  File "/home/sentry/sentry/lib/python3.6/site-packages/django_auth_ldap/backend.py", line 350, in authenticate
    self._get_or_create_user()
  File "/home/sentry/sentry/lib/python3.6/site-packages/django_auth_ldap/backend.py", line 617, in _get_or_create_user
    self._mirror_groups()
  File "/home/sentry/sentry/lib/python3.6/site-packages/django_auth_ldap/backend.py", line 720, in _mirror_groups
    current_group_names = frozenset(self._user.groups.values_list('name', flat=True).iterator())
AttributeError: 'User' object has no attribute 'groups'
18:55:40 [ERROR] django.request: Internal Server Error: /auth/login/sentry/ (status_code=500 request=<WSGIRequest: POST '/auth/login/sentry/'>)

Configuration:

# Reporter's Sentry LDAP settings, kept exactly as filed so the traceback
# above stays reproducible. Review comments mark the likely trigger of the
# error and the security-relevant choices.

# ldaps:// wraps the whole connection in TLS, so StartTLS is left off.
AUTH_LDAP_SERVER_URI = "ldaps://ip_address"
AUTH_LDAP_START_TLS = False
# NOTE(review): likely trigger of the AttributeError. The traceback ends in
# django_auth_ldap's _mirror_groups(), which reads self._user.groups, and the
# Sentry User object has no such attribute. django-auth-ldap takes that path
# when group mirroring is enabled, so False should avoid it - confirm.
AUTH_LDAP_MIRROR_GROUPS = True
AUTH_LDAP_GLOBAL_OPTIONS = {
    # SECURITY: False (0, the value of ldap.OPT_X_TLS_NEVER) turns off
    # verification of the LDAP server certificate. The bind password and every
    # user's login password then travel over a channel whose peer is not
    # authenticated. Prefer ldap.OPT_X_TLS_DEMAND with
    # ldap.OPT_X_TLS_CACERTFILE pointing at the issuing CA. Connecting by IP
    # address also needs a certificate that names that address, or a hostname
    # in the URI instead.
    ldap.OPT_X_TLS_REQUIRE_CERT: False
}
# Service account used for the directory searches below.
# NOTE(review): the password sits in the settings file in clear text (the value
# here is presumably a placeholder). Read the real one from the environment or
# a secrets store, and give the bind account read-only search rights.
AUTH_LDAP_BIND_DN = "uid=removed_for_security, cn=users, cn=accounts, dc=idm, dc=<redacted>, dc=com"
AUTH_LDAP_BIND_PASSWORD = "password"
# Look up the login name under the users container; %(user)s is filled in with
# the submitted username.
AUTH_LDAP_USER_SEARCH = LDAPSearch(
    "cn=users, cn=accounts, dc=idm, dc=<redacted>, dc=com",
    ldap.SCOPE_SUBTREE, "(uid=%(user)s)"
)

# Groups are searched as groupOfNames entries under the groups container.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
    "cn=groups, cn=accounts, dc=idm, dc=<redacted>, dc=com",
    ldap.SCOPE_SUBTREE, "(objectClass=groupOfNames)"
)

AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()
# NOTE(review): with both set to None there is no group-based allow or deny
# rule, so presumably any entry matched by AUTH_LDAP_USER_SEARCH that binds
# successfully can log in - confirm this is intended.
AUTH_LDAP_REQUIRE_GROUP = None
AUTH_LDAP_DENY_GROUP = None

# Copy these LDAP attributes onto the user record at login.
AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail"
}

AUTH_LDAP_FIND_GROUP_PERMS = False
# NOTE(review): with caching on, a change in LDAP group membership may not be
# seen until the timeout passes (3600, presumably seconds) - keep this in mind
# when revoking access.
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600

# Settings read by the Sentry LDAP plugin rather than by django-auth-ldap.
AUTH_LDAP_DEFAULT_SENTRY_ORGANIZATION = u'LW NOC'
AUTH_LDAP_SENTRY_ORGANIZATION_ROLE_TYPE = 'member'
# NOTE(review): appears to give members of the LDAP group 'networking' the
# Sentry 'owner' role, with 'member' as the default for everyone else. Owner is
# a broad grant, so verify who can manage that group's membership.
AUTH_LDAP_SENTRY_GROUP_ROLE_MAPPING = {
    'owner': ['networking'],
}
AUTH_LDAP_SENTRY_ORGANIZATION_GLOBAL_ACCESS = True
AUTH_LDAP_SENTRY_USERNAME_FIELD = 'uid'

# Append the plugin backend to the tuple defined earlier in the settings (not
# shown here). Backends already in the tuple stay active, so existing local
# accounts can presumably still log in alongside LDAP users.
AUTHENTICATION_BACKENDS = AUTHENTICATION_BACKENDS + (
    'sentry_ldap_auth.backend.SentryLdapBackend',
)