getsentry / self-hosted

Sentry, feature-complete and packaged up for low-volume deployments and proofs-of-concept
https://develop.sentry.dev/self-hosted/

auth-ldap doesn't work as expected #2087

Closed ghost closed 1 year ago

ghost commented 1 year ago

Self-Hosted Version

23.3.1

CPU Architecture

x86-63

Docker Version

23.0.2

Docker Compose Version

2.17.2

Steps to Reproduce

Add LDAP to the enhanced image:

```
apt-get update && \
    apt-get install -y --no-install-recommends gcc libsasl2-dev libldap2-dev libssl-dev && \
    rm -r /var/lib/apt/lists/*

pip install sentry-ldap-auth
```

Add LDAP to the sentry.conf.py before building Sentry.
My LDAP allows anonymous listing.

```python
#############
# LDAP auth
#############

import ldap
from django_auth_ldap.config import LDAPSearch, PosixGroupType

AUTH_LDAP_SERVER_URI = 'ldap://ldap1.myhost.internal:389'

AUTH_LDAP_USER_SEARCH = LDAPSearch(
    'cn=accounts,dc=mycompany,dc=internal',
    ldap.SCOPE_SUBTREE,
    '(uid=%(user)s)',
)

AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
    "cn=accounts,dc=mycompany,dc=internal",
    ldap.SCOPE_SUBTREE,
    "(objectClass=PosixGroup)"
)

AUTH_LDAP_GROUP_TYPE = PosixGroupType()
AUTH_LDAP_REQUIRE_GROUP = None
AUTH_LDAP_DENY_GROUP = None

AUTH_LDAP_USER_ATTR_MAP = {
    "first_name": "givenname",
    "last_name": "sn",
    "email": "mail"
}

AUTH_LDAP_FIND_GROUP_PERMS = False

AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600

AUTH_LDAP_DEFAULT_SENTRY_ORGANIZATION = 'Sentry'

AUTH_LDAP_SENTRY_ORGANIZATION_ROLE_TYPE = 'member'

AUTH_LDAP_SENTRY_ORGANIZATION_GLOBAL_ACCESS = True

AUTH_LDAP_SENTRY_SUBSCRIBE_BY_DEFAULT = False

AUTH_LDAP_SENTRY_USERNAME_FIELD = 'uid'
SENTRY_MANAGED_USER_FIELDS = ('email', 'first_name', 'last_name', 'password', )

AUTHENTICATION_BACKENDS = AUTHENTICATION_BACKENDS + (
    'sentry_ldap_auth.backend.SentryLdapBackend',
)

# optional, for debugging
import logging
logger = logging.getLogger('django_auth_ldap')
logger.addHandler(logging.StreamHandler())
logger.addHandler(logging.FileHandler('/var/log/sentry_ldap.log'))
logger.setLevel('DEBUG')

LOGGING['overridable'] = ['sentry', 'django_auth_ldap']
LOGGING['loggers']['django_auth_ldap'] = {
    'handlers': ['console'],
    'level': 'DEBUG'
}
```



### Expected Result

To see LDAP users listed in Sentry, or at least to be able to log in via the LDAP account. Neither of these goals is being reached.

### Actual Result

Users from LDAP are not available in Sentry, and the Sentry build log shows no errors.
Enabling ldap-auth logs is not possible, because when I uncomment it I get:

`PermissionError: [Errno 13] Unable to load configuration file (Permission denied): '/var/log/sentry_ldap.log'")`

Please help clarify the cause of the issue, or at least help me enable logging.

### Event ID

_No response_
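
The `PermissionError` in the report comes from `logging.FileHandler` opening `/var/log/sentry_ldap.log` while the configuration file is being loaded. The following is an added example, not code from the issue or from sentry-ldap-auth: a hypothetical helper, `attach_ldap_debug_log`, that creates the log file owner-only and falls back to stderr when the path cannot be opened, so a bad log path cannot abort configuration loading. The paths in the demo are constructed.

```python
import logging
import os

LDAP_LOGGER = "django_auth_ldap"  # logger name taken from the config in the report


def attach_ldap_debug_log(path, logger_name=LDAP_LOGGER):
    """Send DEBUG records to `path`; fall back to stderr if it cannot be opened.

    Returns (kind, handler) where kind is "file" or "stream". Never raises on
    an unwritable path, so loading sentry.conf.py cannot fail because of it.
    """
    logger = logging.getLogger(logger_name)
    logger.setLevel(logging.DEBUG)
    reason = None
    try:
        # Create the file owner-only first: DEBUG output from the LDAP
        # backend includes the DNs it searches for and binds as.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
        os.close(fd)
        # FileHandler opens the file immediately (delay=False), so an
        # unusable path surfaces here rather than on the first record.
        handler, kind = logging.FileHandler(path), "file"
    except OSError as exc:  # PermissionError, FileNotFoundError, ...
        handler, kind = logging.StreamHandler(), "stream"  # stderr
        reason = f"{type(exc).__name__}: {exc.strerror}"
    handler.setFormatter(
        logging.Formatter("%(asctime)s %(name)s %(levelname)s %(message)s"))
    logger.addHandler(handler)
    if reason:
        logger.warning("cannot log to %s (%s); using stderr", path, reason)
    return kind, handler


if __name__ == "__main__":
    import tempfile
    tmp = tempfile.mkdtemp()
    # Constructed paths: one writable, one whose parent directory is missing.
    for p in (os.path.join(tmp, "sentry_ldap.log"),
              os.path.join(tmp, "no_such_dir", "sentry_ldap.log")):
        kind, _ = attach_ldap_debug_log(p)
        print(p, "->", kind)
```

In `sentry.conf.py` a call to this helper would take the place of the `logging.FileHandler('/var/log/sentry_ldap.log')` line; records written to stderr end up in the container's log output.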

hubertdeng123 commented 1 year ago

sentry-ldap-auth is not officially supported by Sentry. It looks like someone else ran into issues using something like that though?

https://github.com/getsentry/self-hosted/issues/2083#issuecomment-1509148590

github-actions[bot] commented 1 year ago

This issue has gone three weeks without activity. In another week, I will close it.

But! If you comment or otherwise update it, I will reset the clock, and if you label it Status: Backlog or Status: In Progress, I will leave it alone ... forever!


"A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀