Skip to main content

A Sentry extension to add an LDAP server as an authentication source.

Project description

sentry-ldap-auth

A Django custom authentication backend for Sentry. This module extends the functionality of django-auth-ldap with Sentry specific features.

Features

  • Users created by this backend are managed users. Managed fields are not editable through the Sentry account page.
  • Users may be auto-added to an Organization upon creation.

Prerequisites

Versions 2.0 and newer require Sentry 8. For Sentry 7 support, use the 1.1 release

Installation

To install, simply add sentry-ldap-auth to your requirements.txt for your Sentry environment (or pip install sentry-ldap-auth).

Configuration

This module extends the django-auth-ldap and all the options it provides are supported (up to v1.2.x, at least).

To configure Sentry to use this module, add sentry_ldap_auth.backend.SentryLdapBackend to your AUTHENTICATION_BACKENDS in your sentry.conf.py, like this:

AUTHENTICATION_BACKENDS = AUTHENTICATION_BACKENDS + (
    'sentry_ldap_auth.backend.SentryLdapBackend',
)

Then, add any applicable configuration options. Depending on your environment, and especially if you are running Sentry in containers, you might consider using python-decouple so you can set these options via environment variables.

sentry-ldap-auth Specific Options

AUTH_LDAP_DEFAULT_SENTRY_ORGANIZATION = u'My Organization Name'

Auto adds created user to the specified organization (matched by name) if it exists.

AUTH_LDAP_SENTRY_ORGANIZATION_ROLE_TYPE = 'member'

Role type auto-added users are assigned. Valid values in a default installation of Sentry are 'member', 'admin', 'manager' & 'owner'. However, custom roles can also be added to Sentry, in which case these are also valid.

AUTH_LDAP_SENTRY_ORGANIZATION_GLOBAL_ACCESS = True

Whether auto-created users should be granted global access within the default organization.

AUTH_LDAP_SENTRY_SUBSCRIBE_BY_DEFAULT = False

Whether new users should be subscribed to any new projects by default. Disabling this is useful for large organizations where a subscription to each project might be spammy.

AUTH_LDAP_SENTRY_USERNAME_FIELD = 'uid'

Specify which attribute to use as the Sentry username, if different from what the user enters on the login page. You can use this to prevent multiple accounts from being created when your AUTH_LDAP_USER_SEARCH allows users to log in with different usernames (e.g. (|(uid=%(user))(mail=%(user)))). If multiple values exist for the attribute, the first value will be used.

AUTH_LDAP_DEFAULT_EMAIL_DOMAIN = 'example.com'

Default domain to append to username as the Sentry user's e-mail address when the LDAP user has no mail attribute.

Sentry Options

SENTRY_MANAGED_USER_FIELDS = ('email', 'first_name', 'last_name', 'password', )

Fields which managed users may not modify through the Sentry accounts view. Applies to all managed accounts.

Example Configuration

import ldap
from django_auth_ldap.config import LDAPSearch, GroupOfUniqueNamesType

AUTH_LDAP_SERVER_URI = 'ldap://my.ldapserver.com'
AUTH_LDAP_BIND_DN = ''
AUTH_LDAP_BIND_PASSWORD = ''

AUTH_LDAP_USER_SEARCH = LDAPSearch(
    'dc=domain,dc=com',
    ldap.SCOPE_SUBTREE,
    '(mail=%(user)s)',
)

AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
    '',
    ldap.SCOPE_SUBTREE,
    '(objectClass=groupOfUniqueNames)'
)

AUTH_LDAP_GROUP_TYPE = GroupOfUniqueNamesType()
AUTH_LDAP_REQUIRE_GROUP = None
AUTH_LDAP_DENY_GROUP = None

AUTH_LDAP_USER_ATTR_MAP = {
    'name': 'cn',
    'email': 'mail'
}

AUTH_LDAP_FIND_GROUP_PERMS = False
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600

AUTH_LDAP_DEFAULT_SENTRY_ORGANIZATION = u'My Organization Name'
AUTH_LDAP_SENTRY_ORGANIZATION_ROLE_TYPE = 'member'
AUTH_LDAP_SENTRY_GROUP_ROLE_MAPPING = {
    'owner': ['sysadmins'],
    'admin': ['devleads'],
    'member': ['developers', 'seniordevelopers']
}
AUTH_LDAP_SENTRY_ORGANIZATION_GLOBAL_ACCESS = True
AUTH_LDAP_SENTRY_USERNAME_FIELD = 'uid'

AUTHENTICATION_BACKENDS = AUTHENTICATION_BACKENDS + (
    'sentry_ldap_auth.backend.SentryLdapBackend',
)

import logging
logger = logging.getLogger('django_auth_ldap')
logger.addHandler(logging.StreamHandler())
logger.setLevel('DEBUG')

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sentry-ldap-auth-2.9.tar.gz (5.0 kB view details)

Uploaded Source

File details

Details for the file sentry-ldap-auth-2.9.tar.gz.

File metadata

  • Download URL: sentry-ldap-auth-2.9.tar.gz
  • Upload date:
  • Size: 5.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/50.3.2 requests-toolbelt/0.9.1 tqdm/4.56.0 CPython/3.9.0

File hashes

Hashes for sentry-ldap-auth-2.9.tar.gz
Algorithm Hash digest
SHA256 3d6efaf791b88a11c2e4b9d83813d5f1121e6b09f05d65e2020098d3796e7a17
MD5 a15fca67fd02347513c70c53331d67f2
BLAKE2b-256 fce97f586b815185a47ba3617c2add36dc190d2f85cde4f29cf6268a012c02d6

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page