Connecting AD to Sentry through sentry-ldap-auth plugin

Hello all,

I’m attempting to get authentication working through AD. I have other services that work fine with that environment, but when I try to use sentry-ldap-auth for AD authentication, I keep getting unsuccessful login attempts. Authentication works through the ldapsearch command line tool.

Does ldap with AD backend work? If so I would appreciate any help debugging the issues (and will attach necessary information), but I’m wondering at a high level if there is any issues using AD.

Thanks!

It’s not something we officially support here, but are you talking about this repo?

If so it’s likely going to be problematic as it doesn’t rely on our SSO framework, but rather hooks into Django’s (the framework we use) native authentication flows, which we only partially support and use.

Yes this is the one I was referring to. It has proven to be problematic thus far. Our organization utilizes LDAP with an AD back-end so we can manage authorization in one place across all of the different services we provide. Is it possible to leverage LDAP with Sentry using existing projects or through Sentry itself?

I appreciate your help!

Nothing we’ve done officially. getsentry-auth-ldap was the closest. I will say that I’m not 100% sure why it wouldn’t work - we don’t officially support doing these kinds of things, but we also havent explicitly crippled it. Under the hood it uses django-auth-ldap (https://django-auth-ldap.readthedocs.io/en/latest/) so its possible something in there might help with your debugging woes.

That link did help, I ended up getting it working.

Thanks a bunch!

Can you post your solution, please?

1 Like

@jeffersonlmartins it was all in the configuration of the linked plugin. I was searching for the wrong value in the LDAP search and I didn’t map the values properly in the AUTH_LDAP_USER_ATTR_MAP section