Hello!
I have Active Directory on Windows 2008 R2:
domain test.comp.com
User: user in the catalog test.comp.com/Users/
IP 10.10.10.1
and Sentry on CentOS 7:
SELinux and Firewalld disabled
IP 10.10.10.10
Installed:
pip install redis==2.10.5
pip install sentry pyyaml
sentry upgrade --noinput
sentry createuser --email sentry@test.com --password '123' --superuser --no-input
yum -y install openldap-devel openldap-clients
pip install python-ldap django-auth-ldap sentry-ldap-auth
sentry run worker
sentry run web
sentry run cron
I need to configure Sentry to authorize users via AD.
My LDAP config is as follows:
import ldap
from django_auth_ldap.config import LDAPSearch, GroupOfUniqueNamesType

AUTH_LDAP_SERVER_URI = 'ldap://10.10.10.1'
# Service account used for the initial bind and the user search.
# (The ldapsearch test below binds with the UPN form 'user@test.comp.com'.)
AUTH_LDAP_BIND_DN = 'user'
AUTH_LDAP_BIND_PASSWORD = '1qaz@WSX'

# django-auth-ldap substitutes the login name for %(user)s; without that
# placeholder the search cannot single out the user who is logging in.
# The original filter was also missing its closing parenthesis.
AUTH_LDAP_USER_SEARCH = LDAPSearch(
    'cn=Users,dc=test,dc=comp,dc=com',
    ldap.SCOPE_SUBTREE,
    '(&(objectClass=user)(objectClass=person)(sAMAccountName=%(user)s))',
)
# Note: AD groups are objectClass=group with a 'member' attribute;
# groupOfUniqueNames is the OpenLDAP schema. Group search is not needed
# for login while AUTH_LDAP_REQUIRE_GROUP is None.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
    'cn=Groups,dc=test,dc=comp,dc=com',
    ldap.SCOPE_SUBTREE,
    '(objectClass=groupOfUniqueNames)',
)
AUTH_LDAP_GROUP_TYPE = GroupOfUniqueNamesType()
AUTH_LDAP_REQUIRE_GROUP = None
AUTH_LDAP_DENY_GROUP = None

# LDAP attributes copied onto the Sentry user.
AUTH_LDAP_USER_ATTR_MAP = {
    'name': 'cn',
    'email': 'mail',
}
AUTH_LDAP_FIND_GROUP_PERMS = False
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600

AUTH_LDAP_DEFAULT_SENTRY_ORGANIZATION = u'TEST'
AUTH_LDAP_SENTRY_ORGANIZATION_ROLE_TYPE = 'member'
AUTH_LDAP_SENTRY_ORGANIZATION_GLOBAL_ACCESS = True

AUTHENTICATION_BACKENDS = AUTHENTICATION_BACKENDS + (
    'sentry_ldap_auth.backend.SentryLdapBackend',
)

# Debug logging for the LDAP backend.
import logging
logger = logging.getLogger('django_auth_ldap')
logger.addHandler(logging.StreamHandler())
logger.setLevel('DEBUG')
But there is a problem:
If I try to connect to the AD server with the ldapsearch program, I log in to AD successfully, and the Windows server's Event Viewer logs the successful logon and logoff of the AD user.
# ldapsearch -x -h 10.10.10.1 -D "user@test.comp.com" -W -b "cn=users,dc=test,dc=comp,dc=com" -s sub "(&(objectClass=user)(objectClass=person))" cn mail sn
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <cn=users,dc=test,dc=comp,dc=com> with scope subtree
# filter: (&(objectClass=user)(objectClass=person))
# requesting: cn mail sn
#
**** DATA OF AD-SERVER****
# search result
search: 2
result: 0 Success
# numResponses: 5
# numEntries: 4
If I try to connect to the AD server via the Sentry web interface, I get an "Incorrect login" message, and the Windows server's Event Viewer logs nothing. Nothing at all. As I understand it, Sentry does not even try to connect to the AD server.
Do you have a working configuration to connect Sentry to an AD server? On Google I found only plugins for LDAP auth.
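An added pre-flight check for the AUTH_LDAP_USER_SEARCH filter in the config above (example code written for this thread, not part of the question, Sentry or django-auth-ldap): it catches the unbalanced parentheses and the missing %(user)s placeholder without needing a reachable AD server, and renders the filter with the login name escaped per RFC 4515 so that a name containing `*`, `(` or `)` cannot alter the search.

```python
"""Pre-flight check for a django-auth-ldap user-search filter (offline)."""

# RFC 4515 section 3: characters that carry meaning inside a filter value.
RFC4515_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape a value before substituting it into an LDAP search filter."""
    return "".join(RFC4515_ESCAPES.get(ch, ch) for ch in value)


def check_user_filter(template):
    """Return a list of problems found in an AUTH_LDAP_USER_SEARCH filter string."""
    problems = []
    depth = 0
    for ch in template:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:  # a ')' closed more than was opened
                break
    if depth != 0:
        problems.append("unbalanced parentheses")
    # django-auth-ldap fills %(user)s with the login name; without it the
    # search cannot single out the user who is authenticating.
    if "%(user)s" not in template:
        problems.append("missing %(user)s placeholder")
    if not (template.startswith("(") and template.endswith(")")):
        problems.append("filter must be enclosed in parentheses")
    return problems


def render_user_filter(template, username):
    """Render the filter as django-auth-ldap would, with the username escaped."""
    problems = check_user_filter(template)
    if problems:
        raise ValueError("; ".join(problems))
    return template % {"user": escape_filter_value(username)}


if __name__ == "__main__":
    # The filter from the posted config, and a corrected one for AD.
    posted = "(&(objectClass=user)(objectClass=person)"
    fixed = "(&(objectClass=user)(objectClass=person)(sAMAccountName=%(user)s))"
    print("posted filter problems:", check_user_filter(posted))
    print("rendered:", render_user_filter(fixed, "jsmith"))
```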