getsentry-ldap-auth
Has support for Sentry 20/21?
works for me with 21.1.0
@balonik How did you configure it?
Can you share the steps, @balonik? We tried here, but without success.
@pedrofurtado
I did a `git clone --depth 1 --branch 21.1.0 https://github.com/getsentry/onpremise.git` and then modified the `sentry/Dockerfile` like this:

```dockerfile
ARG SENTRY_IMAGE
ARG SENTRY_PYTHON2
FROM ${SENTRY_IMAGE}${SENTRY_PYTHON2:+-py2}
RUN apt-get update && apt-get install -y gcc libsasl2-dev python-dev libldap2-dev libssl-dev
RUN pip install python-ldap sentry-ldap-auth
COPY . /usr/src/sentry
# Hook for installing additional plugins
RUN if [ -s /usr/src/sentry/requirements.txt ]; then pip install -r /usr/src/sentry/requirements.txt; fi
```
Thanks for the help, @balonik!
Was it necessary to change something in `sentry/sentry.conf.py` to make it work? If so, what configuration did you define? Can you share it (omitting, of course, your credentials)? Anyway, I will do these steps in the Dockerfile first 🤝
Thanks again for your help @balonik!
@pedrofurtado nothing special, I have basically used the example configuration and changed the `AUTH_LDAP_SERVER_URI`, `AUTH_LDAP_BIND_*` and `AUTH_LDAP_*_SEARCH` variables to match our LDAP setup.
Hmmm, ok. After all this setup and configuration, every user that you created (or even the existing users) in Sentry is now authenticating using LDAP, right?
No, in this setup LDAP is only another auth method. There are still the default SSO auth methods and users can still use local users if you don't disable self registration. I suppose you can disable them by modifying the `AUTHENTICATION_BACKENDS`.
I don't know what happens to existing users, didn't test it.
Strange 🤔 I made the configuration, edited the Dockerfile, rebuilt the docker compose containers and brought everything up, but users still authenticate without LDAP 😢
I wrote this in `sentry.conf.py` but no logs appear in the output:

```python
import logging
logger = logging.getLogger('django_auth_ldap')
logger.addHandler(logging.StreamHandler())
logger.addHandler(logging.FileHandler(r"/ldap2.log"))
logger.setLevel('DEBUG')
```

I don't know why it is not working, and the logs don't show errors or anything else 😕
@balonik Do you have any suggestions? I am blocked on it 😢
Got it working on 21.6.2. You need to add to sentry/entrypoint.sh (as this version does not include sentry/Dockerfile anymore):

```sh
apt-get update
apt-get install libsasl2-dev python-dev libldap2-dev libssl-dev build-essential -y
```

One of the issues I had was I had to ignore certificate errors because the container doesn't have my certs:

```python
AUTH_LDAP_CONNECTION_OPTIONS = {
    ldap.OPT_REFERRALS: False,
    ldap.OPT_PROTOCOL_VERSION: 3,
    ldap.OPT_NETWORK_TIMEOUT: 10,
    ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER,
}
AUTH_LDAP_GLOBAL_OPTIONS = {
    ldap.OPT_REFERRALS: False,
    ldap.OPT_PROTOCOL_VERSION: 3,
    ldap.OPT_NETWORK_TIMEOUT: 10,
    ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER,
}
```
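
The options above set `OPT_X_TLS_REQUIRE_CERT` to `OPT_X_TLS_NEVER`, which turns off validation of the LDAP server's certificate. As an added example (not part of the thread or of the plugin's code), this check flags that setting and a cleartext `ldap://` URI, and shows a settings variant that trusts the directory's CA instead; the hostname and the CA file path are assumptions.

```python
try:
    import ldap  # python-ldap, as installed in the LDAP-enabled Sentry image
except ImportError:
    # Stand-in so the check runs without python-ldap; values are from OpenLDAP's ldap.h.
    from types import SimpleNamespace
    ldap = SimpleNamespace(OPT_X_TLS_CACERTFILE=0x6002, OPT_X_TLS_REQUIRE_CERT=0x6006,
                           OPT_X_TLS_NEVER=0, OPT_X_TLS_DEMAND=2, OPT_X_TLS_ALLOW=3)

OPTION_SETTINGS = ("AUTH_LDAP_GLOBAL_OPTIONS", "AUTH_LDAP_CONNECTION_OPTIONS")


def audit_ldap_tls(settings):
    """Return findings for the transport security of django-auth-ldap settings."""
    findings = []
    uri = settings.get("AUTH_LDAP_SERVER_URI", "").lower()
    if not (uri.startswith("ldaps://") or settings.get("AUTH_LDAP_START_TLS", False)):
        findings.append("cleartext: bind and user passwords are sent unencrypted")
    for name in OPTION_SETTINGS:
        level = settings.get(name, {}).get(ldap.OPT_X_TLS_REQUIRE_CERT)
        # NEVER skips the check; ALLOW proceeds even when the certificate is bad.
        if level in (ldap.OPT_X_TLS_NEVER, ldap.OPT_X_TLS_ALLOW):
            findings.append(f"no-verify: {name} accepts any server certificate")
    return findings


# Constructed settings mirroring the workaround in the comment above.
WEAK = {
    "AUTH_LDAP_SERVER_URI": "ldaps://ldap.example.internal",  # assumed hostname
    "AUTH_LDAP_CONNECTION_OPTIONS": {ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER},
    "AUTH_LDAP_GLOBAL_OPTIONS": {ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_NEVER},
}

# Constructed alternative: copy or mount the directory's CA certificate into the
# container and keep verification on. The path is an assumption.
HARDENED = {
    "AUTH_LDAP_SERVER_URI": "ldaps://ldap.example.internal",
    "AUTH_LDAP_GLOBAL_OPTIONS": {
        ldap.OPT_X_TLS_CACERTFILE: "/etc/ssl/certs/corp-ldap-ca.pem",
        ldap.OPT_X_TLS_REQUIRE_CERT: ldap.OPT_X_TLS_DEMAND,
    },
}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_ldap_tls(cfg) or "ok")
```
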
`vi Dockerfile`

```dockerfile
FROM getsentry/sentry:21.12.0
# https://www.broadcastify.com/listen/ctid/225
# https://github.com/Banno/getsentry-ldap-auth/issues/55
RUN apt-get update
RUN apt-get install -y libsasl2-dev python-dev libldap2-dev libssl-dev build-essential
RUN apt-get install -y postgresql-client
RUN apt-get clean
```

```sh
docker build -t sentry-ldap-21.12.0 .
docker tag sentry-ldap-21.12.0 harbor.xxx.com/sentry-ldap:21.12.0
docker push harbor.xxx.com/sentry-ldap:21.12.0
```

`vi .env`

```
SENTRY_IMAGE=harbor.xxx.com/sentry-ldap:21.12.0
```

`vi sentry/sentry.conf.py` (append at the end):

```python
# ldap
import ldap
from django_auth_ldap.config import LDAPSearch, GroupOfNamesType

AUTH_LDAP_SERVER_URI = 'ldap://your service'
AUTH_LDAP_BIND_DN = 'your config'
AUTH_LDAP_BIND_PASSWORD = 'your password'

AUTH_LDAP_USER_SEARCH = LDAPSearch(
    'ou=xx,dc=xx,dc=cc',
    ldap.SCOPE_SUBTREE,
    '(cn=%(user)s)',
)

AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
    'ou=xx,dc=xx,dc=cc',
    ldap.SCOPE_SUBTREE,
    '(objectClass=groupOfNames)'
)
AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()
AUTH_LDAP_REQUIRE_GROUP = None
AUTH_LDAP_DENY_GROUP = None

AUTH_LDAP_USER_ATTR_MAP = {
    'name': 'cn',
    'email': 'cn'
}

AUTH_LDAP_FIND_GROUP_PERMS = True
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600

AUTH_LDAP_DEFAULT_SENTRY_ORGANIZATION = u'Sentry'
AUTH_LDAP_SENTRY_SUBSCRIBE_BY_DEFAULT = True
AUTH_LDAP_SENTRY_GROUP_ROLE_MAPPING = {
    'owner': [],
    'admin': [],
    'member': [],
}
AUTH_LDAP_SENTRY_ORGANIZATION_ROLE_TYPE = 'member'
AUTH_LDAP_SENTRY_ORGANIZATION_GLOBAL_ACCESS = True
AUTH_LDAP_SENTRY_USERNAME_FIELD = 'cn'

AUTHENTICATION_BACKENDS = AUTHENTICATION_BACKENDS + (
    'sentry_ldap_auth.backend.SentryLdapBackend',
)

import logging
logger = logging.getLogger('django_auth_ldap')
logger.addHandler(logging.StreamHandler())
logger.setLevel('DEBUG')
```
FIX in 22.2.0 (https://github.com/getsentry/self-hosted)
You need to add to `sentry/entrypoint.sh` first:

```sh
apt-get update
apt-get install -y libpython2.7-dev python-dev libldap2-dev libsasl2-dev gcc
```
Hi. At the moment, I am using Sentry 22.6.0, and it is not compatible with this version. Is there any update?
@MortezaBashsiz There is an active fork of this project at https://github.com/PMExtra/sentry-auth-ldap. This fork is compatible with Sentry 21.9.0 up to the latest version of self-hosted Sentry and the configuration is nearly identical. The new maintainer did a good job reviving this upstream repo.