Sentry 20 !! Configuration error: ImportError: No module named ldap

[lkiii]

I have installed Sentry using https://github.com/getsentry/sentry/releases/tag/20.9.0 I have started ./install.sh to prepare the environment and docker-compose up -d to start sentry.

My $SENTRY_INSTALL_DIR/sentry/requirements.txt:

# Add plugins here
sentry-ldap-auth

Also, I have appended $SENTRY_INSTALL_DIR/sentry/sentry.conf.py with required configuration, but after I am starting sentry I am getting:

ingest-consumer_1              | !! Configuration error: ImportError: No module named ldap
post-process-forwarder_1       | !! Configuration error: ImportError: No module named ldap
worker_1                       | !! Configuration error: ImportError: No module named ldap
cron_1                         | !! Configuration error: ImportError: No module named ldap
web_1                          | !! Configuration error: ImportError: No module named ldap

It seems that the plug-in is not being installed.

[lkiii]

I have managed to install the plugin.

First thing I had to include dependencies to $SENTRY_INSTALL_DIR/sentry/Dockerfile

...
FROM ${SENTRY_IMAGE}

RUN apt-get update && apt-get install -y gcc libsasl2-dev python-dev libldap2-dev libssl-dev
COPY . /usr/src/sentry
...

Then I had to run docker-compose build
And after that, I have started up the sentry again with docker-compose up -d

[aoberest]

@lkiii Hello.
Do you have a working config "LDAP auth" for sentry 21.1.0 ?
Could you please, share it?

[lkiii]

@lkiii Hello.
Do you have a working config "LDAP auth" for sentry 21.1.0 ?
Could you please, share it?

The approach I have described above is working on version 20.11.1. I have not tested it on higher versions.

[pedrofurtado]

@OANgit @lkiii do you have guys some example working with 21.x sentry onpremise? I am blocked on it now 😢

[aoberest]

Hi,
I have version onpremise sentry
sentry --version
sentry, version 21.1.0 (486d790a8f52)

I have a huge Active Directory LDAP. In my case I had error(restriction) with a memcache.
auth_ldap._LDAPUserGroups._group_names.cn - longer than 250.
In the logs you see docker-compose logs web something like this

/usr/local/lib/python3.6/site-packages/django/core/cache/backends/base.py:239: CacheKeyWarning: Cache key will cause errors if used with memcached: ':2:auth_ldap._LDAPUserGroups._group_names.cn=long_name,ou=long_name,ou=long_name,ou=long_name,ou=long_name,ou=long_name,ou=long_name,ou=long_name,ou=long_name' (longer than 250)
web_1                                       |   '(longer than %s)' % (key, MEMCACHE_MAX_KEY_LENGTH), CacheKeyWarning

I changed section Cache in file sentry/sentry.conf.py

#########
# Cache #
#########

# Sentry currently utilizes two separate mechanisms. While CACHES is not a
# requirement, it will optimize several high throughput patterns.

#CACHES = {
#    "default": {
#        "BACKEND": "django.core.cache.backends.memcached.MemcachedCache",
#        "LOCATION": ["memcached:11211"],
#        "TIMEOUT": 3600,
#    }
#}

CACHES = {
    "default": {
        "BACKEND": "django.core.cache.backends.locmem.LocMemCache",
        "LOCATION": "unique-snowflake",
    }
}

@pedrofurtado

[aoberest]

LDAP settings in sentry/sentry.conf.py

#############
# LDAP auth #
#############

import ldap

from django_auth_ldap.config import LDAPSearch, GroupOfUniqueNamesType

AUTH_LDAP_ALWAYS_UPDATE_USER = True
AUTH_LDAP_SERVER_URI = "ldap://192.168.10.1:389"
AUTH_LDAP_BIND_DN = "AD_user"
AUTH_LDAP_BIND_PASSWORD = "password"
AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=,dc=,dc=,dc=com",ldap.SCOPE_SUBTREE,"(sAMAccountName=%(user)s)"
)

AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
    '',
    ldap.SCOPE_SUBTREE,
    '(objectClass=groupOfUniqueNames)'
)

AUTH_LDAP_GROUP_TYPE = GroupOfUniqueNamesType()
AUTH_LDAP_REQUIRE_GROUP = None
AUTH_LDAP_DENY_GROUP = None

AUTH_LDAP_USER_ATTR_MAP = {
    "username": "sAMAccountName",
    "first_name": "givenName",
    "last_name": "sn",
    "email": "mail",
}

AUTH_LDAP_FIND_GROUP_PERMS = False
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600

AUTH_LDAP_DEFAULT_SENTRY_ORGANIZATION = u'Sentry'
AUTH_LDAP_SENTRY_ORGANIZATION_ROLE_TYPE = 'member'
AUTH_LDAP_SENTRY_ORGANIZATION_GLOBAL_ACCESS = True
#AUTH_LDAP_SENTRY_USERNAME_FIELD = 'uid'
AUTH_LDAP_SENTRY_SUBSCRIBE_BY_DEFAULT = False

SENTRY_MANAGED_USER_FIELDS = ('email', 'first_name', 'last_name', 'password', )

AUTHENTICATION_BACKENDS = AUTHENTICATION_BACKENDS + (
    'sentry_ldap_auth.backend.SentryLdapBackend',
)

import logging
logger = logging.getLogger('django_auth_ldap')
logger.addHandler(logging.StreamHandler())
logger.setLevel('DEBUG')


#### Telemetry off
SENTRY_BEACON = False

[lkiii]

@OANgit @lkiii do you have guys some example working with 21.x sentry onpremise? I am blocked on it now 😢

No sorry. My customer decided to migrate to the cloud, so I have not upgraded on-prem to the latest versions.