Authentication via GitLab or LDAP

Hi,

I have attempted to use both the getsentry-ldap-auth plugin and sentry-auth-gitlab on a new on-premise installation using docker. For both plugins it is unclear to me how they should be activated. I have configured them both (separately from each other), but neither of them shows up in the Auth section in the menu. Can someone explain in a little more detail how one of these plugins should be used / activated?

If this is OpenLDAP, then you can use my config (on CentOS 7):

*Check that the LDAP service works:*
# ldapsearch -x -LLL -h 10.10.10.12 -D "cn=Manager,dc=temp,dc=domain,dc=ru" -W -b "ou=People,dc=temp,dc=domain,dc=ru" -s sub "(uid=Ivanov)" cn mail
Enter LDAP Password:
dn: uid=Ivanov,ou=People,dc=temp,dc=domain,dc=ru
cn: Ivanov

*Configure the Sentry config:*
# cat >> /sentry/sentry.conf.py <<END
import ldap
from django_auth_ldap.config import LDAPSearch, GroupOfUniqueNamesType

# LDAP server and the account used to search for users
AUTH_LDAP_SERVER_URI = 'ldap://10.10.10.12'
AUTH_LDAP_BIND_DN = 'cn=user,dc=temp,dc=domain,dc=ru'
AUTH_LDAP_BIND_PASSWORD = '123'

AUTH_LDAP_USER_SEARCH = LDAPSearch(
    'ou=Users,dc=temp,dc=domain,dc=ru',
    ldap.SCOPE_SUBTREE,
    '(uid=%(user)s)',
)

AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
    'ou=Groups,dc=temp,dc=domain,dc=ru',
    ldap.SCOPE_SUBTREE,
    '(objectClass=groupOfUniqueNames)'
)

# Only members of the required group may log in
AUTH_LDAP_GROUP_TYPE = GroupOfUniqueNamesType()
AUTH_LDAP_REQUIRE_GROUP = 'cn=adminsupport,dc=temp,dc=domain,dc=ru'
AUTH_LDAP_DENY_GROUP = None

AUTH_LDAP_USER_ATTR_MAP = {
    'name': 'cn',
    'email': 'mail'
}

AUTH_LDAP_FIND_GROUP_PERMS = False
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600

AUTH_LDAP_DEFAULT_SENTRY_ORGANIZATION = u'Sentry'
AUTH_LDAP_SENTRY_ORGANIZATION_ROLE_TYPE = 'member'
AUTH_LDAP_SENTRY_ORGANIZATION_GLOBAL_ACCESS = True
AUTH_LDAP_SENTRY_SUBSCRIBE_BY_DEFAULT = True

AUTH_LDAP_DEFAULT_EMAIL_DOMAIN = 'test domain company'

# Register the LDAP backend alongside the existing backends
AUTHENTICATION_BACKENDS = AUTHENTICATION_BACKENDS + (
    'sentry_ldap_auth.backend.SentryLdapBackend',
)

# Send django_auth_ldap debug messages to stderr
import logging
logger = logging.getLogger('django_auth_ldap')
logger.addHandler(logging.StreamHandler())
logger.setLevel('DEBUG')

END

*Restart the Sentry services:*
# systemctl restart sentry-web sentry-worker sentry-cron

This works on OpenLDAP, but not AD.

Thanks! So I do not need any additional configuration inside Sentry besides the update to sentry.conf.py? I already tried with the example config from the ldap plugin GitHub page, but then I saw no additional ldap messages being logged at the moment of login. So that led me to believe that I somehow needed to activate the plugin somewhere.

Oh, sorry.

I forgot to write about installing the plugin:

# pip install python-ldap django-auth-ldap sentry-ldap-auth

Install this plugin, edit the config and restart the Sentry services.

I do not see LDAP messages either, but users authenticate in Sentry and this is fine for me.

Thanks for your help. I eventually found the cause of my problems; they were unrelated to LDAP or Gitlab. I use the onpremise setup via docker-compose to start the environment. I symlinked the configuration files so that I could easily edit them via my computer. But as it turns out, that does not work: the symlink is copied into the containers, so the configuration files were never loaded correctly.
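
Added example, not part of any post in this thread and not code from Sentry or the plugin: a static check of a `sentry.conf.py` for the two causes of "the plugin does not activate" discussed above (LDAP backend not registered, config path is a symlink) and for two hardening gaps in the posted config (plain `ldap://` without `AUTH_LDAP_START_TLS`, bind password as a literal). The function name `audit_sentry_conf`, the sample strings and the `LDAP_BIND_PASSWORD` environment variable are assumptions.

```python
import ast
import os

# Backend path exactly as it appears in the config posted in this thread.
LDAP_BACKEND = "sentry_ldap_auth.backend.SentryLdapBackend"

def audit_sentry_conf(source, path=None):
    """Statically inspect sentry.conf.py text; return a list of findings."""
    findings = []
    if path and os.path.islink(path):
        findings.append("config path is a symlink")
    values = {}  # setting name -> AST node of the last value assigned
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign):
            targets = node.targets
        elif isinstance(node, ast.AugAssign):
            targets = [node.target]
        else:
            continue
        for target in targets:
            if isinstance(target, ast.Name):
                values[target.id] = node.value
    def literal(name):
        node = values.get(name)
        return node.value if isinstance(node, ast.Constant) else None
    backends = values.get("AUTHENTICATION_BACKENDS")
    if backends is None or not any(
            isinstance(n, ast.Constant) and n.value == LDAP_BACKEND
            for n in ast.walk(backends)):
        findings.append("LDAP backend not in AUTHENTICATION_BACKENDS")
    uri = literal("AUTH_LDAP_SERVER_URI")
    if (isinstance(uri, str) and uri.startswith("ldap://")
            and literal("AUTH_LDAP_START_TLS") is not True):
        findings.append("ldap:// without StartTLS")
    if isinstance(literal("AUTH_LDAP_BIND_PASSWORD"), str):
        findings.append("bind password hardcoded")
    return findings

# Constructed samples: WEAK abridges the posted config; HARDENED is an assumption.
WEAK = """
AUTH_LDAP_SERVER_URI = 'ldap://10.10.10.12'
AUTH_LDAP_BIND_PASSWORD = '123'
AUTHENTICATION_BACKENDS = AUTHENTICATION_BACKENDS + (
    'sentry_ldap_auth.backend.SentryLdapBackend',
)
"""
HARDENED = (WEAK.replace("'123'", "os.environ['LDAP_BIND_PASSWORD']")
            + "AUTH_LDAP_START_TLS = True\n")
```

Run it on the host against the file in the docker-compose build context, passing both the file text and its path so the symlink check applies. The file is only parsed, never executed, so it does not need Sentry or python-ldap installed.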

Hi, has this problem been solved? I have the same problem.