How to set up to auth via MS Active Directory or LDAP

We have installed Sentry on premise (version 8.14.1) and have it all working nicely.

We would like to set up Sentry so that we can authorize against our Active Directory.

I’m struggling to find anything that details how this can be achieved.

I have followed the documentation for single sign-on and also looked through the forum (an unanswered question on the same topic: Authenticate login with Active Direcotry / OAuth), but can’t seem to find anything that points me in the right direction.

Is it possible to set an on-premise install to auth via AD/LDAP? If so, could someone please point me in the right direction.

Thanks :slight_smile:

Here’s your pointer… :wink: https://github.com/banno/getsentry-ldap-auth

If you beat me to it, it’d be nice if you’d describe pitfalls or other special things on the way, since I have this on my heap of things to do, too.

Awesome, thanks! And yes, I’ll add anything I discover.

So I am facing the very same task atm. I went ahead and used the onpremise repo and tried hacking on top. I think in theory that should work as it worked for other plugins, but it fails because python-ldap needs the libldap2-dev package to be able to successfully “pip install python-ldap”. Is there any way around completely copying the whole Docker Hub Sentry setup? That would be prohibitively reinventing the wheel.

Disclaimer: I am a Docker newbie :slight_smile:

Cheers,
Thorsten

So for reference, I got this to work by doing the following:

Instead of adding it to requirements.txt directly, I added the following to the Dockerfile:

RUN apt-get update && apt-get install -y libsasl2-dev python-dev libldap2-dev libssl-dev
RUN pip install sentry-ldap-auth

Then I added all configuration options to sentry.conf.py. It is very cumbersome to debug issues in the ldap setup through docker though. As a side note, what helped me a lot was adding the following to the end of sentry.conf.py to enable logging to a non-detached docker container (e.g. docker-compose up rather than docker-compose -d up).

import logging

# Send django_auth_ldap debug output to the container's stderr and to a file.
logger = logging.getLogger('django_auth_ldap')
logger.addHandler(logging.StreamHandler())
logger.addHandler(logging.FileHandler(r"/tmp/ldap2.log"))
logger.setLevel('DEBUG')

# Register the logger in Sentry's LOGGING dict as well.
LOGGING['overridable'] = ['sentry', 'django_auth_ldap']
LOGGING['loggers']['django_auth_ldap'] = {
    'handlers': ['console'],
    'level': 'DEBUG'
}

As an important note, if you are working against an Active Directory rather than LDAP, the following setting is crucial or you won’t be able to do a successful bind. As far as I understood, the referrals one is required.

import ldap  # python-ldap; provides the OPT_* constants

AUTH_LDAP_CONNECTION_OPTIONS = {
    ldap.OPT_DEBUG_LEVEL: 0,
    ldap.OPT_REFERRALS: 0,  # do not chase referrals
}

Still struggling a little with various issues, but generally it’s working like this.

Hope that helps,
Thorsten

1 Like
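
A pre-flight check for the settings discussed in this thread, added here as an example; it is not code from any post or from sentry-ldap-auth. It inspects a dict of sentry.conf.py settings for the referral option and the debug logging mentioned above, and goes further by flagging cleartext binds, disabled certificate checks and an empty bind password. `check_ldap_settings`, its finding codes and the sample hosts and DNs are made up for illustration; the `AUTH_LDAP_*` keys are django-auth-ldap setting names.

```python
from urllib.parse import urlparse

# Numeric values of OpenLDAP's option constants (python-ldap exposes them as
# ldap.OPT_REFERRALS, ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER),
# copied here so the check runs without python-ldap installed.
OPT_REFERRALS = 0x0008
OPT_X_TLS_REQUIRE_CERT = 0x6006
OPT_X_TLS_NEVER = 0


def check_ldap_settings(cfg):
    """Return a sorted list of finding codes for a dict of sentry.conf.py settings."""
    found = set()
    uri = urlparse(cfg.get("AUTH_LDAP_SERVER_URI", ""))
    opts = cfg.get("AUTH_LDAP_CONNECTION_OPTIONS", {})
    if uri.scheme not in ("ldap", "ldaps"):
        found.add("bad-uri")              # missing, or not an LDAP URI
    elif uri.scheme == "ldap" and not cfg.get("AUTH_LDAP_START_TLS", False):
        found.add("cleartext-bind")       # simple binds cross the network unencrypted
    if opts.get(OPT_REFERRALS, 1) != 0:
        found.add("referrals-on")         # the option this thread calls crucial for AD
    if opts.get(OPT_X_TLS_REQUIRE_CERT) == OPT_X_TLS_NEVER:
        found.add("tls-no-verify")        # server certificate is never checked
    if cfg.get("AUTH_LDAP_BIND_DN") and not cfg.get("AUTH_LDAP_BIND_PASSWORD"):
        found.add("empty-bind-password")  # DN plus empty password is an unauthenticated bind
    level = cfg.get("LOGGING", {}).get("loggers", {}).get("django_auth_ldap", {}).get("level")
    if level == "DEBUG":
        found.add("debug-logging")        # troubleshooting aid; lower it once binds work
    return sorted(found)


# Constructed sample settings (hostnames and DNs are placeholders).
WEAK = {
    "AUTH_LDAP_SERVER_URI": "ldap://dc01.example.internal",
    "AUTH_LDAP_BIND_DN": "CN=svc-sentry,OU=Service,DC=example,DC=internal",
    "AUTH_LDAP_BIND_PASSWORD": "",
    "AUTH_LDAP_CONNECTION_OPTIONS": {OPT_X_TLS_REQUIRE_CERT: OPT_X_TLS_NEVER},
    "LOGGING": {"loggers": {"django_auth_ldap": {"handlers": ["console"], "level": "DEBUG"}}},
}
HARDENED = {
    "AUTH_LDAP_SERVER_URI": "ldaps://dc01.example.internal",
    "AUTH_LDAP_BIND_DN": "CN=svc-sentry,OU=Service,DC=example,DC=internal",
    "AUTH_LDAP_BIND_PASSWORD": "read-from-secret-store",
    "AUTH_LDAP_CONNECTION_OPTIONS": {OPT_REFERRALS: 0},
    "LOGGING": {"loggers": {"django_auth_ldap": {"handlers": ["console"], "level": "WARNING"}}},
}

if __name__ == "__main__":
    print("weak:", check_ldap_settings(WEAK))
    print("hardened:", check_ldap_settings(HARDENED))
```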

Hello, instinct-vfx.

Can you post your sentry-config with AD auth as an example?