Giter VIP home page Giter VIP logo

Comments (7)

lkiii avatar lkiii commented on August 14, 2024 4

I have managed to install the plugin.

First thing I had to include dependencies to $SENTRY_INSTALL_DIR/sentry/Dockerfile

...
FROM ${SENTRY_IMAGE}

RUN apt-get update && apt-get install -y gcc libsasl2-dev python-dev libldap2-dev libssl-dev
COPY . /usr/src/sentry
...

Then I had to run docker-compose build
And after that, I have started up the sentry again with docker-compose up -d

from getsentry-ldap-auth.

aoberest avatar aoberest commented on August 14, 2024

@lkiii Hello.
Do you have a working config "LDAP auth" for sentry 21.1.0 ?
Could you please, share it?

from getsentry-ldap-auth.

lkiii avatar lkiii commented on August 14, 2024

@lkiii Hello.
Do you have a working config "LDAP auth" for sentry 21.1.0 ?
Could you please, share it?

The approach I have described above is working on version 20.11.1. I have not tested it on higher versions.

from getsentry-ldap-auth.

pedrofurtado avatar pedrofurtado commented on August 14, 2024

@OANgit @lkiii do you have guys some example working with 21.x sentry onpremise? I am blocked on it now 😢

from getsentry-ldap-auth.

aoberest avatar aoberest commented on August 14, 2024

Hi,
I have version onpremise sentry
sentry --version
sentry, version 21.1.0 (486d790a8f52)

I have a huge Active Directory LDAP. In my case I had error(restriction) with a memcache.
auth_ldap._LDAPUserGroups._group_names.cn - longer than 250.
In the logs you see docker-compose logs web something like this

/usr/local/lib/python3.6/site-packages/django/core/cache/backends/base.py:239: CacheKeyWarning: Cache key will cause errors if used with memcached: ':2:auth_ldap._LDAPUserGroups._group_names.cn=long_name,ou=long_name,ou=long_name,ou=long_name,ou=long_name,ou=long_name,ou=long_name,ou=long_name,ou=long_name' (longer than 250)
web_1                                       |   '(longer than %s)' % (key, MEMCACHE_MAX_KEY_LENGTH), CacheKeyWarning

I changed section Cache in file sentry/sentry.conf.py

#########
# Cache #
#########

# Sentry currently utilizes two separate mechanisms. While CACHES is not a
# requirement, it will optimize several high throughput patterns.

#CACHES = {
#    "default": {
#        "BACKEND": "django.core.cache.backends.memcached.MemcachedCache",
#        "LOCATION": ["memcached:11211"],
#        "TIMEOUT": 3600,
#    }
#}

CACHES = {
    "default": {
        "BACKEND": "django.core.cache.backends.locmem.LocMemCache",
        "LOCATION": "unique-snowflake",
    }
}

@pedrofurtado

from getsentry-ldap-auth.

aoberest avatar aoberest commented on August 14, 2024

LDAP settings in sentry/sentry.conf.py

#############
# LDAP auth #
#############

import ldap

from django_auth_ldap.config import LDAPSearch, GroupOfUniqueNamesType

AUTH_LDAP_ALWAYS_UPDATE_USER = True
AUTH_LDAP_SERVER_URI = "ldap://192.168.10.1:389"
AUTH_LDAP_BIND_DN = "AD_user"
AUTH_LDAP_BIND_PASSWORD = "password"
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=,dc=,dc=,dc=com",ldap.SCOPE_SUBTREE,"(sAMAccountName=%(user)s)"
)

AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
    '',
    ldap.SCOPE_SUBTREE,
    '(objectClass=groupOfUniqueNames)'
)

AUTH_LDAP_GROUP_TYPE = GroupOfUniqueNamesType()
AUTH_LDAP_REQUIRE_GROUP = None
AUTH_LDAP_DENY_GROUP = None

AUTH_LDAP_USER_ATTR_MAP = {
    "username": "sAMAccountName",
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail",
}

AUTH_LDAP_FIND_GROUP_PERMS = False
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600

AUTH_LDAP_DEFAULT_SENTRY_ORGANIZATION = u'Sentry'
AUTH_LDAP_SENTRY_ORGANIZATION_ROLE_TYPE = 'member'
AUTH_LDAP_SENTRY_ORGANIZATION_GLOBAL_ACCESS = True
#AUTH_LDAP_SENTRY_USERNAME_FIELD = 'uid'
AUTH_LDAP_SENTRY_SUBSCRIBE_BY_DEFAULT = False

SENTRY_MANAGED_USER_FIELDS = ('email', 'first_name', 'last_name', 'password', )

AUTHENTICATION_BACKENDS = AUTHENTICATION_BACKENDS + (
    'sentry_ldap_auth.backend.SentryLdapBackend',
)

import logging
logger = logging.getLogger('django_auth_ldap')
logger.addHandler(logging.StreamHandler())
logger.setLevel('DEBUG')


#### Telemetry off
SENTRY_BEACON = False

from getsentry-ldap-auth.

lkiii avatar lkiii commented on August 14, 2024

@OANgit @lkiii do you have guys some example working with 21.x sentry onpremise? I am blocked on it now 😢

No sorry. My customer decided to migrate to the cloud, so I have not upgraded on-prem to the latest versions.

from getsentry-ldap-auth.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.