Authentication via GitLab or LDAP


#1

Hi,

I have attempted to use both getsentry-ldap-auth plugin and sentry-auth-gitlab on a new on-premise installation using docker. For both plugins it is unclear to me how they should be activated. I have configured them both (separate from each other), but they both do not show up in the Auth section in the menu. Can someone explain in a little more detail how one of these plugins should be used / activated?


#2

If this is OpenLDAP, then you can use my config (on CentOS 7):

*Check that the LDAP service works:*
# ldapsearch -x -LLL -h 10.10.10.12 -D "cn=Manager,dc=temp,dc=domain,dc=ru" -W -b "ou=People,dc=temp,dc=domain,dc=ru" -s sub "(uid=Ivanov)" cn mail
Enter LDAP Password:
dn: uid=Ivanov,ou=People,dc=temp,dc=domain,dc=ru
cn: Ivanov

*Configure the Sentry config:*
# cat >> /sentry/sentry.conf.py <<END
import ldap
from django_auth_ldap.config import LDAPSearch, GroupOfUniqueNamesType

# LDAP server and the account used to search the directory
AUTH_LDAP_SERVER_URI = 'ldap://10.10.10.12'
AUTH_LDAP_BIND_DN = 'cn=user,dc=temp,dc=domain,dc=ru'
AUTH_LDAP_BIND_PASSWORD = '123'

# Where and how to look up the user who is logging in
AUTH_LDAP_USER_SEARCH = LDAPSearch(
    'ou=Users,dc=temp,dc=domain,dc=ru',
    ldap.SCOPE_SUBTREE,
    '(uid=%(user)s)',
)

AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
    'ou=Groups,dc=temp,dc=domain,dc=ru',
    ldap.SCOPE_SUBTREE,
    '(objectClass=groupOfUniqueNames)'
)

# Only members of this group may log in
AUTH_LDAP_GROUP_TYPE = GroupOfUniqueNamesType()
AUTH_LDAP_REQUIRE_GROUP = 'cn=adminsupport,dc=temp,dc=domain,dc=ru'
AUTH_LDAP_DENY_GROUP = None

# Map LDAP attributes to Sentry user fields
AUTH_LDAP_USER_ATTR_MAP = {
    'name': 'cn',
    'email': 'mail'
}

AUTH_LDAP_FIND_GROUP_PERMS = False
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600

AUTH_LDAP_DEFAULT_SENTRY_ORGANIZATION = u'Sentry'
AUTH_LDAP_SENTRY_ORGANIZATION_ROLE_TYPE = 'member'
AUTH_LDAP_SENTRY_ORGANIZATION_GLOBAL_ACCESS = True
AUTH_LDAP_SENTRY_SUBSCRIBE_BY_DEFAULT = True

AUTH_LDAP_DEFAULT_EMAIL_DOMAIN = 'test domain company'

# Register the LDAP backend next to Sentry's existing backends
AUTHENTICATION_BACKENDS = AUTHENTICATION_BACKENDS + (
    'sentry_ldap_auth.backend.SentryLdapBackend',
)

# Send django_auth_ldap debug messages to the console
import logging
logger = logging.getLogger('django_auth_ldap')
logger.addHandler(logging.StreamHandler())
logger.setLevel('DEBUG')

END

*Restart the Sentry services:*
# systemctl restart sentry-web sentry-worker sentry-cron

This works on OpenLDAP, but not AD.
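
As an added example (not part of the thread and not code from the sentry-ldap-auth project), the Python sketch below statically checks a `sentry.conf.py` like the one above for three things: an unencrypted `ldap://` URI without django-auth-ldap's `AUTH_LDAP_START_TLS`, a literal bind password in the file, and a missing `SentryLdapBackend` entry in `AUTHENTICATION_BACKENDS`. The function name `audit`, the finding codes and the `SAMPLE` text are assumptions made for illustration.

```python
import ast

# Constructed sample: a trimmed copy of the settings posted above.
SAMPLE = """
AUTH_LDAP_SERVER_URI = 'ldap://10.10.10.12'
AUTH_LDAP_BIND_DN = 'cn=user,dc=temp,dc=domain,dc=ru'
AUTH_LDAP_BIND_PASSWORD = '123'
AUTHENTICATION_BACKENDS = AUTHENTICATION_BACKENDS + (
    'sentry_ldap_auth.backend.SentryLdapBackend',
)
"""

BACKEND = "sentry_ldap_auth.backend.SentryLdapBackend"


def audit(source):
    """Return sorted finding codes for a sentry.conf.py source string.

    The file is parsed, never executed, so names such as
    AUTHENTICATION_BACKENDS that are defined elsewhere cause no error.
    """
    literals, backends = {}, set()
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Assign):
            continue
        for target in node.targets:
            if not isinstance(target, ast.Name):
                continue
            if target.id == "AUTHENTICATION_BACKENDS":
                # Collect every string literal in the right-hand side.
                backends |= {c.value for c in ast.walk(node.value)
                             if isinstance(c, ast.Constant)
                             and isinstance(c.value, str)}
            elif isinstance(node.value, ast.Constant):
                literals[target.id] = node.value.value

    findings = []
    uri = str(literals.get("AUTH_LDAP_SERVER_URI", ""))
    # ldap:// without StartTLS sends the bind DN and password unencrypted.
    if uri.startswith("ldap://") and literals.get("AUTH_LDAP_START_TLS") is not True:
        findings.append("cleartext-bind")
    # A string literal here means the secret lives in the config file itself.
    if literals.get("AUTH_LDAP_BIND_PASSWORD"):
        findings.append("hardcoded-bind-password")
    # Without this entry Sentry never consults LDAP at login.
    if BACKEND not in backends:
        findings.append("ldap-backend-not-registered")
    return sorted(findings)


if __name__ == "__main__":
    print(audit(SAMPLE))
```

A password read from the environment is not a string literal, so it is not flagged; the same holds for any value the parser cannot see as a constant.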


#3

Thanks! So I do not need any additional configuration inside Sentry besides the update to sentry.conf.py? I already tried with the example config from the LDAP plugin GitHub page, but then I saw no additional LDAP messages being logged at the moment of login. So that led me to believe that I somehow needed to activate the plugin somewhere.


#4

Oh, sorry.

I forgot to write about installing the plugin:

# pip install python-ldap django-auth-ldap sentry-ldap-auth

Install this plugin, edit the config and restart the Sentry services.

I do not see LDAP messages either, but users authenticate in Sentry and this is fine for me.


#5

Thanks for your help. I eventually found the cause of my problems; they were unrelated to LDAP or GitLab. I use the onpremise setup via docker-compose to start the environment. I symlinked the configured files, so that I could easily edit them via my computer. But as it turns out, that does not work: the symlink is copied into the containers, and the configuration files were never loaded correctly.


#6

Hi, has this problem been solved? I have the same problem.