sentry集成LDAP实现统一身份认证

sentry集成LDAP实现统一身份认证

作者: 天草二十六_简村人 | 来源:发表于2021-10-29 13:41 被阅读0次

    一、背景

    由于线上需要统一身份认证,针对 sentry,我们有两种办法:一是进入容器安装 LDAP 支持;二是将 .env 中的 SENTRY_IMAGE=getsentry/sentry:nightly 更换为已集成 LDAP 的镜像。

    当然,官网还有很多安装办法,比如在requirements.txt文件中追加sentry-ldap-auth,我在centos6下,试过此方法,报错gcc不存在。建议进入容器安装ldap。

    # Pulls in python-ldap, a C extension: the build needs gcc and the
    # LDAP/SASL headers, which is why it fails in the stock image (log below).
    # Unpinned — pin a version once the integration works.
    pip install sentry-ldap-auth
    

    报错详情:

    root@b936f6497ba6:/# pip install python-ldap
    Collecting python-ldap
      Downloading python-ldap-3.3.1.tar.gz (379 kB)
         |████████████████████████████████| 379 kB 397 kB/s 
    Requirement already satisfied: pyasn1>=0.3.7 in /usr/local/lib/python3.6/site-packages (from python-ldap) (0.4.8)
    Requirement already satisfied: pyasn1_modules>=0.1.5 in /usr/local/lib/python3.6/site-packages (from python-ldap) (0.2.8)
    Building wheels for collected packages: python-ldap
      Building wheel for python-ldap (setup.py) ... error
      ERROR: Command errored out with exit status 1:
       command: /usr/local/bin/python -u -c 'import io, os, sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-jh0pq4pk/python-ldap_6197e497440e4e7495611f1502e2de3c/setup.py'"'"'; __file__='"'"'/tmp/pip-install-jh0pq4pk/python-ldap_6197e497440e4e7495611f1502e2de3c/setup.py'"'"';f = getattr(tokenize, '"'"'open'"'"', open)(__file__) if os.path.exists(__file__) else io.StringIO('"'"'from setuptools import setup; setup()'"'"');code = f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' bdist_wheel -d /tmp/pip-wheel-85szugbq
           cwd: /tmp/pip-install-jh0pq4pk/python-ldap_6197e497440e4e7495611f1502e2de3c/
      Complete output (79 lines):
      running bdist_wheel
      running build
      running build_py
      creating build
      creating build/lib.linux-x86_64-3.6
      copying Lib/ldapurl.py -> build/lib.linux-x86_64-3.6
      copying Lib/ldif.py -> build/lib.linux-x86_64-3.6
      creating build/lib.linux-x86_64-3.6/ldap
      copying Lib/ldap/__init__.py -> build/lib.linux-x86_64-3.6/ldap
      copying Lib/ldap/async.py -> build/lib.linux-x86_64-3.6/ldap
      copying Lib/ldap/asyncsearch.py -> build/lib.linux-x86_64-3.6/ldap
      copying Lib/ldap/cidict.py -> build/lib.linux-x86_64-3.6/ldap
      copying Lib/ldap/compat.py -> build/lib.linux-x86_64-3.6/ldap
      copying Lib/ldap/constants.py -> build/lib.linux-x86_64-3.6/ldap
      copying Lib/ldap/dn.py -> build/lib.linux-x86_64-3.6/ldap
      copying Lib/ldap/filter.py -> build/lib.linux-x86_64-3.6/ldap
      copying Lib/ldap/functions.py -> build/lib.linux-x86_64-3.6/ldap
      copying Lib/ldap/ldapobject.py -> build/lib.linux-x86_64-3.6/ldap
      copying Lib/ldap/logger.py -> build/lib.linux-x86_64-3.6/ldap
      copying Lib/ldap/modlist.py -> build/lib.linux-x86_64-3.6/ldap
      copying Lib/ldap/pkginfo.py -> build/lib.linux-x86_64-3.6/ldap
      copying Lib/ldap/resiter.py -> build/lib.linux-x86_64-3.6/ldap
      copying Lib/ldap/sasl.py -> build/lib.linux-x86_64-3.6/ldap
      copying Lib/ldap/syncrepl.py -> build/lib.linux-x86_64-3.6/ldap
      creating build/lib.linux-x86_64-3.6/ldap/controls
      copying Lib/ldap/controls/__init__.py -> build/lib.linux-x86_64-3.6/ldap/controls
      copying Lib/ldap/controls/deref.py -> build/lib.linux-x86_64-3.6/ldap/controls
      copying Lib/ldap/controls/libldap.py -> build/lib.linux-x86_64-3.6/ldap/controls
      copying Lib/ldap/controls/openldap.py -> build/lib.linux-x86_64-3.6/ldap/controls
      copying Lib/ldap/controls/pagedresults.py -> build/lib.linux-x86_64-3.6/ldap/controls
      copying Lib/ldap/controls/ppolicy.py -> build/lib.linux-x86_64-3.6/ldap/controls
      copying Lib/ldap/controls/psearch.py -> build/lib.linux-x86_64-3.6/ldap/controls
      copying Lib/ldap/controls/pwdpolicy.py -> build/lib.linux-x86_64-3.6/ldap/controls
      copying Lib/ldap/controls/readentry.py -> build/lib.linux-x86_64-3.6/ldap/controls
      copying Lib/ldap/controls/sessiontrack.py -> build/lib.linux-x86_64-3.6/ldap/controls
      copying Lib/ldap/controls/simple.py -> build/lib.linux-x86_64-3.6/ldap/controls
      copying Lib/ldap/controls/sss.py -> build/lib.linux-x86_64-3.6/ldap/controls
      copying Lib/ldap/controls/vlv.py -> build/lib.linux-x86_64-3.6/ldap/controls
      creating build/lib.linux-x86_64-3.6/ldap/extop
      copying Lib/ldap/extop/__init__.py -> build/lib.linux-x86_64-3.6/ldap/extop
      copying Lib/ldap/extop/dds.py -> build/lib.linux-x86_64-3.6/ldap/extop
      copying Lib/ldap/extop/passwd.py -> build/lib.linux-x86_64-3.6/ldap/extop
      creating build/lib.linux-x86_64-3.6/ldap/schema
      copying Lib/ldap/schema/__init__.py -> build/lib.linux-x86_64-3.6/ldap/schema
      copying Lib/ldap/schema/models.py -> build/lib.linux-x86_64-3.6/ldap/schema
      copying Lib/ldap/schema/subentry.py -> build/lib.linux-x86_64-3.6/ldap/schema
      copying Lib/ldap/schema/tokenizer.py -> build/lib.linux-x86_64-3.6/ldap/schema
      creating build/lib.linux-x86_64-3.6/slapdtest
      copying Lib/slapdtest/__init__.py -> build/lib.linux-x86_64-3.6/slapdtest
      copying Lib/slapdtest/_slapdtest.py -> build/lib.linux-x86_64-3.6/slapdtest
      running egg_info
      writing Lib/python_ldap.egg-info/PKG-INFO
      writing dependency_links to Lib/python_ldap.egg-info/dependency_links.txt
      writing requirements to Lib/python_ldap.egg-info/requires.txt
      writing top-level names to Lib/python_ldap.egg-info/top_level.txt
      reading manifest file 'Lib/python_ldap.egg-info/SOURCES.txt'
      reading manifest template 'MANIFEST.in'
      no previously-included directories found matching 'Doc/.build'
      adding license file 'LICENCE'
      writing manifest file 'Lib/python_ldap.egg-info/SOURCES.txt'
      creating build/lib.linux-x86_64-3.6/slapdtest/certs
      copying Lib/slapdtest/certs/README -> build/lib.linux-x86_64-3.6/slapdtest/certs
      copying Lib/slapdtest/certs/ca.conf -> build/lib.linux-x86_64-3.6/slapdtest/certs
      copying Lib/slapdtest/certs/ca.pem -> build/lib.linux-x86_64-3.6/slapdtest/certs
      copying Lib/slapdtest/certs/client.conf -> build/lib.linux-x86_64-3.6/slapdtest/certs
      copying Lib/slapdtest/certs/client.key -> build/lib.linux-x86_64-3.6/slapdtest/certs
      copying Lib/slapdtest/certs/client.pem -> build/lib.linux-x86_64-3.6/slapdtest/certs
      copying Lib/slapdtest/certs/gencerts.sh -> build/lib.linux-x86_64-3.6/slapdtest/certs
      copying Lib/slapdtest/certs/gennssdb.sh -> build/lib.linux-x86_64-3.6/slapdtest/certs
      copying Lib/slapdtest/certs/server.conf -> build/lib.linux-x86_64-3.6/slapdtest/certs
      copying Lib/slapdtest/certs/server.key -> build/lib.linux-x86_64-3.6/slapdtest/certs
      copying Lib/slapdtest/certs/server.pem -> build/lib.linux-x86_64-3.6/slapdtest/certs
      running build_ext
      building '_ldap' extension
      creating build/temp.linux-x86_64-3.6
      creating build/temp.linux-x86_64-3.6/Modules
      gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -fPIC -DHAVE_SASL -DHAVE_TLS -DHAVE_LIBLDAP_R -DHAVE_LIBLDAP_R -DLDAPMODULE_VERSION=3.3.1 -DLDAPMODULE_AUTHOR=python-ldap project -DLDAPMODULE_LICENSE=Python style -IModules -I/usr/local/include/python3.6m -c Modules/LDAPObject.c -o build/temp.linux-x86_64-3.6/Modules/LDAPObject.o
      unable to execute 'gcc': No such file or directory
      error: command 'gcc' failed with exit status 1
      ----------------------------------------
      ERROR: Failed building wheel for python-ldap
      Running setup.py clean for python-ldap
    Failed to build python-ldap
    Installing collected packages: python-ldap
        Running setup.py install for python-ldap ... error
        ERROR: Command errored out with exit status 1:
         command: /usr/local/bin/python -u -c 'import io, os, sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-jh0pq4pk/python-ldap_6197e497440e4e7495611f1502e2de3c/setup.py'"'"'; __file__='"'"'/tmp/pip-install-jh0pq4pk/python-ldap_6197e497440e4e7495611f1502e2de3c/setup.py'"'"';f = getattr(tokenize, '"'"'open'"'"', open)(__file__) if os.path.exists(__file__) else io.StringIO('"'"'from setuptools import setup; setup()'"'"');code = f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' install --record /tmp/pip-record-n4r5p73l/install-record.txt --single-version-externally-managed --compile --install-headers /usr/local/include/python3.6m/python-ldap
             cwd: /tmp/pip-install-jh0pq4pk/python-ldap_6197e497440e4e7495611f1502e2de3c/
        Complete output (79 lines):
        running install
        running build
        running build_py
        creating build
        creating build/lib.linux-x86_64-3.6
        copying Lib/ldapurl.py -> build/lib.linux-x86_64-3.6
        copying Lib/ldif.py -> build/lib.linux-x86_64-3.6
        creating build/lib.linux-x86_64-3.6/ldap
        copying Lib/ldap/__init__.py -> build/lib.linux-x86_64-3.6/ldap
        copying Lib/ldap/async.py -> build/lib.linux-x86_64-3.6/ldap
        copying Lib/ldap/asyncsearch.py -> build/lib.linux-x86_64-3.6/ldap
        copying Lib/ldap/cidict.py -> build/lib.linux-x86_64-3.6/ldap
        copying Lib/ldap/compat.py -> build/lib.linux-x86_64-3.6/ldap
        copying Lib/ldap/constants.py -> build/lib.linux-x86_64-3.6/ldap
        copying Lib/ldap/dn.py -> build/lib.linux-x86_64-3.6/ldap
        copying Lib/ldap/filter.py -> build/lib.linux-x86_64-3.6/ldap
        copying Lib/ldap/functions.py -> build/lib.linux-x86_64-3.6/ldap
        copying Lib/ldap/ldapobject.py -> build/lib.linux-x86_64-3.6/ldap
        copying Lib/ldap/logger.py -> build/lib.linux-x86_64-3.6/ldap
        copying Lib/ldap/modlist.py -> build/lib.linux-x86_64-3.6/ldap
        copying Lib/ldap/pkginfo.py -> build/lib.linux-x86_64-3.6/ldap
        copying Lib/ldap/resiter.py -> build/lib.linux-x86_64-3.6/ldap
        copying Lib/ldap/sasl.py -> build/lib.linux-x86_64-3.6/ldap
        copying Lib/ldap/syncrepl.py -> build/lib.linux-x86_64-3.6/ldap
        creating build/lib.linux-x86_64-3.6/ldap/controls
        copying Lib/ldap/controls/__init__.py -> build/lib.linux-x86_64-3.6/ldap/controls
        copying Lib/ldap/controls/deref.py -> build/lib.linux-x86_64-3.6/ldap/controls
        copying Lib/ldap/controls/libldap.py -> build/lib.linux-x86_64-3.6/ldap/controls
        copying Lib/ldap/controls/openldap.py -> build/lib.linux-x86_64-3.6/ldap/controls
        copying Lib/ldap/controls/pagedresults.py -> build/lib.linux-x86_64-3.6/ldap/controls
        copying Lib/ldap/controls/ppolicy.py -> build/lib.linux-x86_64-3.6/ldap/controls
        copying Lib/ldap/controls/psearch.py -> build/lib.linux-x86_64-3.6/ldap/controls
        copying Lib/ldap/controls/pwdpolicy.py -> build/lib.linux-x86_64-3.6/ldap/controls
        copying Lib/ldap/controls/readentry.py -> build/lib.linux-x86_64-3.6/ldap/controls
        copying Lib/ldap/controls/sessiontrack.py -> build/lib.linux-x86_64-3.6/ldap/controls
        copying Lib/ldap/controls/simple.py -> build/lib.linux-x86_64-3.6/ldap/controls
        copying Lib/ldap/controls/sss.py -> build/lib.linux-x86_64-3.6/ldap/controls
        copying Lib/ldap/controls/vlv.py -> build/lib.linux-x86_64-3.6/ldap/controls
        creating build/lib.linux-x86_64-3.6/ldap/extop
        copying Lib/ldap/extop/__init__.py -> build/lib.linux-x86_64-3.6/ldap/extop
        copying Lib/ldap/extop/dds.py -> build/lib.linux-x86_64-3.6/ldap/extop
        copying Lib/ldap/extop/passwd.py -> build/lib.linux-x86_64-3.6/ldap/extop
        creating build/lib.linux-x86_64-3.6/ldap/schema
        copying Lib/ldap/schema/__init__.py -> build/lib.linux-x86_64-3.6/ldap/schema
        copying Lib/ldap/schema/models.py -> build/lib.linux-x86_64-3.6/ldap/schema
        copying Lib/ldap/schema/subentry.py -> build/lib.linux-x86_64-3.6/ldap/schema
        copying Lib/ldap/schema/tokenizer.py -> build/lib.linux-x86_64-3.6/ldap/schema
        creating build/lib.linux-x86_64-3.6/slapdtest
        copying Lib/slapdtest/__init__.py -> build/lib.linux-x86_64-3.6/slapdtest
        copying Lib/slapdtest/_slapdtest.py -> build/lib.linux-x86_64-3.6/slapdtest
        running egg_info
        writing Lib/python_ldap.egg-info/PKG-INFO
        writing dependency_links to Lib/python_ldap.egg-info/dependency_links.txt
        writing requirements to Lib/python_ldap.egg-info/requires.txt
        writing top-level names to Lib/python_ldap.egg-info/top_level.txt
        reading manifest file 'Lib/python_ldap.egg-info/SOURCES.txt'
        reading manifest template 'MANIFEST.in'
        no previously-included directories found matching 'Doc/.build'
        adding license file 'LICENCE'
        writing manifest file 'Lib/python_ldap.egg-info/SOURCES.txt'
        creating build/lib.linux-x86_64-3.6/slapdtest/certs
        copying Lib/slapdtest/certs/README -> build/lib.linux-x86_64-3.6/slapdtest/certs
        copying Lib/slapdtest/certs/ca.conf -> build/lib.linux-x86_64-3.6/slapdtest/certs
        copying Lib/slapdtest/certs/ca.pem -> build/lib.linux-x86_64-3.6/slapdtest/certs
        copying Lib/slapdtest/certs/client.conf -> build/lib.linux-x86_64-3.6/slapdtest/certs
        copying Lib/slapdtest/certs/client.key -> build/lib.linux-x86_64-3.6/slapdtest/certs
        copying Lib/slapdtest/certs/client.pem -> build/lib.linux-x86_64-3.6/slapdtest/certs
        copying Lib/slapdtest/certs/gencerts.sh -> build/lib.linux-x86_64-3.6/slapdtest/certs
        copying Lib/slapdtest/certs/gennssdb.sh -> build/lib.linux-x86_64-3.6/slapdtest/certs
        copying Lib/slapdtest/certs/server.conf -> build/lib.linux-x86_64-3.6/slapdtest/certs
        copying Lib/slapdtest/certs/server.key -> build/lib.linux-x86_64-3.6/slapdtest/certs
        copying Lib/slapdtest/certs/server.pem -> build/lib.linux-x86_64-3.6/slapdtest/certs
        running build_ext
        building '_ldap' extension
        creating build/temp.linux-x86_64-3.6
        creating build/temp.linux-x86_64-3.6/Modules
        gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -fPIC -DHAVE_SASL -DHAVE_TLS -DHAVE_LIBLDAP_R -DHAVE_LIBLDAP_R -DLDAPMODULE_VERSION=3.3.1 -DLDAPMODULE_AUTHOR=python-ldap project -DLDAPMODULE_LICENSE=Python style -IModules -I/usr/local/include/python3.6m -c Modules/LDAPObject.c -o build/temp.linux-x86_64-3.6/Modules/LDAPObject.o
        unable to execute 'gcc': No such file or directory
        error: command 'gcc' failed with exit status 1
        ----------------------------------------
    ERROR: Command errored out with exit status 1: /usr/local/bin/python -u -c 'import io, os, sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-jh0pq4pk/python-ldap_6197e497440e4e7495611f1502e2de3c/setup.py'"'"'; __file__='"'"'/tmp/pip-install-jh0pq4pk/python-ldap_6197e497440e4e7495611f1502e2de3c/setup.py'"'"';f = getattr(tokenize, '"'"'open'"'"', open)(__file__) if os.path.exists(__file__) else io.StringIO('"'"'from setuptools import setup; setup()'"'"');code = f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' install --record /tmp/pip-record-n4r5p73l/install-record.txt --single-version-externally-managed --compile --install-headers /usr/local/include/python3.6m/python-ldap Check the logs for full command output.
    

    二、方法二 -- pip install python-ldap

    # Interactive shell in a throw-away container of the upstream image.
    # Packages installed here are lost when the container is recreated
    # unless the result is committed/built into a new image (see method 4).
    docker run -it getsentry/sentry:nightly /bin/bash
    

    如果遇到上述的报错,解决问题的步骤见下:

    # First attempt: a generic C toolchain only. This did not fix the
    # python-ldap build — presumably because the LDAP/SASL headers that the
    # working command further down installs were still absent.
    apt-get update
    
    apt-get install build-essential
    
    apt-get install python3-dev
    apt-get install libevent-dev
    
    

    本以为这样就可以了,但仍然无法安装成功。

    于是查看 GitHub 的 issue 列表,从其 Dockerfile 中得知正确的安装命令如下:

    # Build dependencies as used by the image's Dockerfile: python-dev plus
    # the SASL, LDAP and OpenSSL headers python-ldap compiles against.
    # -y keeps apt non-interactive so this can run in a Dockerfile.
    apt-get update && apt-get install -y libsasl2-dev python-dev libldap2-dev libssl-dev
    
    # Both packages are unpinned: pin them (and record them in
    # requirements.txt) so the image is reproducible and a later release
    # cannot change the authentication backend silently.
    pip install python-ldap sentry-ldap-auth
    

    三、方法三 -- requirements.txt

    四、方法四 -- 更新docker镜像

    .env (配置镜像、端口、数据保留的天数)

    # Compose project name; also used as the prefix for container/volume names.
    COMPOSE_PROJECT_NAME=sentry_onpremise
    # Event retention period in days (the name suggests older events are purged).
    SENTRY_EVENT_RETENTION_DAYS=10
    # You can either use a port number or an IP:PORT combo for SENTRY_BIND
    # See https://docs.docker.com/compose/compose-file/#ports for more
    # A bare port is published on every interface. When Sentry sits behind a
    # reverse proxy, use 127.0.0.1:9000 so the web UI is not reachable directly.
    SENTRY_BIND=9000
    
    # Upstream image, replaced below by an LDAP-enabled build.
    #SENTRY_IMAGE=getsentry/sentry:nightly
    # Third-party Docker Hub image from a personal account that will run the
    # login path: review its Dockerfile or build your own from
    # getsentry/sentry (apt-get/pip commands above), and pin by digest
    # rather than trusting a mutable tag.
    SENTRY_IMAGE=guidao02/sentry-ldap:21.6.16
    
    # Companion services stay on the same nightly channel as upstream Sentry.
    SNUBA_IMAGE=getsentry/snuba:nightly
    RELAY_IMAGE=getsentry/relay:nightly
    SYMBOLICATOR_IMAGE=getsentry/symbolicator:nightly
    WAL2JSON_VERSION=latest
    

    这里使用了 Docker Hub 上的镜像 guidao02/sentry-ldap:21.6.16,你也可以自行构建并上传到自己的镜像仓库。

    五、修改Ldap配置

    vi sentry/sentry.conf.py

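    #############
    # LDAP auth #
    #############
    #
    # Sentry login against an LDAP directory via sentry-ldap-auth (built on
    # django-auth-ldap). Every value marked "需要更改" (change me) is
    # site-specific; the placeholders below will not authenticate anyone.
    
    import os
    
    import ldap
    from django_auth_ldap.config import LDAPSearch, GroupOfUniqueNamesType
    
    # LDAP server, change me. A plain ldap:// URI sends the bind DN/password
    # and every user's password in clear text; prefer ldaps:// or set
    # AUTH_LDAP_START_TLS = True when the directory supports it.
    AUTH_LDAP_SERVER_URI = 'ldap://172.16.3.28:389'
    # Service account used for the user/group lookups, change me.
    AUTH_LDAP_BIND_DN = 'cn=admin,dc=xxx,dc=com'
    # Bind password, change me. Read from the environment so the secret is
    # not committed in sentry.conf.py; the variable name is chosen here and
    # must be set on the container (e.g. via the compose environment). The
    # 'xxx' fallback keeps the original placeholder behaviour if it is unset.
    AUTH_LDAP_BIND_PASSWORD = os.environ.get('SENTRY_LDAP_BIND_PASSWORD', 'xxx')
    
    # Base DN and filter used to find the user's entry, change me.
    # %(user)s is the login name typed into Sentry; django-auth-ldap escapes
    # it (execute(..., escape=True) is the default) before building the filter.
    AUTH_LDAP_USER_SEARCH = LDAPSearch(
        'ou=people,dc=xxx,dc=com',
        ldap.SCOPE_SUBTREE,
        '(uid=%(user)s)',
    )
    
    # Base DN and filter for group lookups, change me.
    AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
        'ou=sentry,ou=group,dc=xxx,dc=com',
        ldap.SCOPE_SUBTREE,
        '(objectClass=groupOfUniqueNames)'
    )
    
    AUTH_LDAP_GROUP_TYPE = GroupOfUniqueNamesType()
    # None means every account that binds successfully may log in to Sentry.
    # Set a group DN here to restrict access to members of that group.
    AUTH_LDAP_REQUIRE_GROUP = None
    AUTH_LDAP_DENY_GROUP = None
    
    # Sentry user field <- LDAP attribute.
    AUTH_LDAP_USER_ATTR_MAP = {
        'name': 'description',
        'email': 'mail'
    }
    
    AUTH_LDAP_FIND_GROUP_PERMS = False
    AUTH_LDAP_CACHE_GROUPS = True
    AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600
    
    # Organization that LDAP users are added to on first login, and the role
    # they get. GLOBAL_ACCESS = True appears to grant them access to every
    # team in that organization — confirm this is intended.
    AUTH_LDAP_DEFAULT_SENTRY_ORGANIZATION = u'Sentry'
    AUTH_LDAP_SENTRY_ORGANIZATION_ROLE_TYPE = 'member'
    AUTH_LDAP_SENTRY_ORGANIZATION_GLOBAL_ACCESS = True
    AUTH_LDAP_SENTRY_SUBSCRIBE_BY_DEFAULT = False
    
    # LDAP attribute used as the Sentry username.
    AUTH_LDAP_SENTRY_USERNAME_FIELD = 'cn'
    # Fields owned by the directory; Sentry's profile UI should not let the
    # user change them (password stays in LDAP).
    SENTRY_MANAGED_USER_FIELDS = ('email', 'first_name', 'last_name', 'password', )
    
    # Append the LDAP backend after Sentry's own backends.
    AUTHENTICATION_BACKENDS = AUTHENTICATION_BACKENDS + (
        'sentry_ldap_auth.backend.SentryLdapBackend',
    )
    
    # optional, for debugging
    # DEBUG output includes bind DNs, search filters and login names, and it
    # is written to a file under /tmp that is typically world-readable
    # (subject to umask). Remove this section once the integration works.
    import logging
    logger = logging.getLogger('django_auth_ldap')
    logger.addHandler(logging.StreamHandler())
    logger.addHandler(logging.FileHandler('/tmp/ldap2.log'))
    logger.setLevel('DEBUG')
    
    # Route the same logger through Sentry's own logging config as well.
    LOGGING['overridable'] = ['sentry', 'django_auth_ldap']
    LOGGING['loggers']['django_auth_ldap'] = {
        'handlers': ['console'],
        'level': 'DEBUG'
    }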
    

    六、sentry重启

    # Stop and remove the running containers (named volumes are kept unless -v is given).
    docker-compose down 
    # Rebuild the local images so the new SENTRY_IMAGE and sentry.conf.py are picked up.
    docker-compose build 
    # Start the stack again in the background.
    docker-compose up -d
    



