sentry-ldap-auth for Active Directory #22
Comments
After just a quick look at your configuration, it doesn't look like your |
Let me explain slightly differently. I experimented for several days and now I have this: Active Directory on Windows 2008R2
Sentry on CentOS 7
My sentry.conf.py:
I tried changing ldap.SCOPE_SUBTREE: Also I tried this config with various "ldap.SCOPE_SUBTREE" and this did not work either:
Main question: why does Sentry not even try connecting to the AD server? |
@Piknik1990 Try changing the search filter to I don't understand why you say "Sentry does not even try connecting on AD-server". You received an error Also, it's been a while since I did anything with AD, but I'm not sure you can bind a user to AD using an unencrypted channel. You should be able to connect anonymously by setting |
OK. I described the problem poorly. First, all connections to the AD server (successful or unsuccessful) I see in the Event Viewer - Security log. The Sentry server is installed on CentOS 7.
Besides Sentry, I installed the openldap-clients package. It contains the useful program ldapsearch. I use this program like so:
Meanwhile, in the Event Viewer the Windows server writes logs about the successful logon and logoff of the AD user. If I enter an incorrect password, I get the following:
... and in the Event Viewer the Windows server writes about the unsuccessful logon. The
And the Event Viewer records the successful logon. So I'm currently using Generally, the ldapsearch program makes me understand that the LDAP client is working fine. Next, on Sentry: whatever filter and credentials I write to the config, nothing shows up in the Event Viewer when trying to log in through the web interface. I enter login "user" and password "1qaz@WSX" (&(objectClass=user)(objectClass=person)(cn=%(user)s) in the ldapsearch output "ldap_search_ext: Bad search filter (-7). " I do not understand why Sentry does not try to contact the AD server at all. Even if the filter were incorrect, the Event Viewer logs would at least have information about the wrong request or password. But there is none. Can the whole point really be that I enter the login incorrectly in the web interface? |
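An added example, not part of the original thread or of sentry-ldap-auth: a check to run before deploying a filter template such as the one quoted in the comment above. It renders the `%(user)s` placeholder with an RFC 4515-escaped sample login and verifies that the parentheses balance. The function names and the sample login are assumptions made for illustration.

```python
PLACEHOLDER = "%(user)s"  # placeholder as it appears in the filter quoted above


def escape_filter_value(value):
    """Escape a login for use inside an LDAP filter (RFC 4515 special characters)."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch
        for ch in value
    )


def check_filter_template(template, sample_user="user"):
    """Return (ok, rendered_filter, reason) for a search-filter template.

    sample_user is a constructed login used only to render the template.
    """
    if PLACEHOLDER not in template:
        return False, template, "no %(user)s placeholder"
    rendered = template.replace(PLACEHOLDER, escape_filter_value(sample_user))
    if not rendered.startswith("("):
        return False, rendered, "filter must start with '('"
    depth = 0
    for pos, ch in enumerate(rendered):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False, rendered, "unmatched ')' at offset %d" % pos
    if depth != 0:
        return False, rendered, "%d unclosed '('" % depth
    return True, rendered, "balanced"


if __name__ == "__main__":
    # Filter string exactly as quoted in the thread, then with one ')' appended.
    quoted = "(&(objectClass=user)(objectClass=person)(cn=%(user)s)"
    for candidate in (quoted, quoted + ")"):
        print(check_filter_template(candidate))
    # Constructed login containing filter metacharacters: escaping keeps it inert.
    print(check_filter_template(quoted + ")", sample_user="x)(cn=*"))
```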
Hello Piknik1990, |
No, we moved to OpenLDAP and did not work on solving this problem any more. |
Working config for AD
|
Hello!
I need to set up AD authorization on Sentry. On the Internet I found only this topic on the subject: https://forum.sentry.io/t/how-to-set-up-to-auth-via-ms-active-directory-or-ldap/1880/5
But the settings from this topic lead either to AD auth not working, or to Sentry not working at all (it does not accept the "LOGGING" option).
I have the following AD server:
IP 10.10.10.10
Domain: test.comp.com
Users: test.comp.com/Users
Groups: test.comp.com/Groups
Test User: test.comp.com/Users/user
Test Groups: test.comp.com/Groups/adminsupport (full right)
test.comp.com/Groups/support (read only)
Now my conf file has the following parameters:
sentry.conf.py
Tell me, do you have an example AD config file for Sentry?