sentry配置openldap登录授权
废话不多说,直接上配置,将以下配置加到sentry.conf.py文件里,然后重启sentry web就行了
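###################################### FOR LDAP AUTH ######################################
# Settings for the sentry-ldap-auth plugin (built on django-auth-ldap).
# Append this to sentry.conf.py and restart the Sentry web process.
# Values written as ${...} are placeholders for your own directory.

# NOTE(review): this turns on Sentry's account-registration feature flag.
# Confirm your LDAP setup actually needs it before leaving it enabled.
SENTRY_FEATURES["auth:register"] = True

import ldap
from django_auth_ldap.config import LDAPSearch, GroupOfUniqueNamesType

AUTH_LDAP_SERVER_URI = 'ldap://${yourldapdomain}'
# Plain ldap:// carries the bind password and every user's login password in
# clear text. Upgrade the connection with StartTLS; an ldaps:// URI is the
# alternative. With this set, logins fail if the server cannot negotiate TLS.
AUTH_LDAP_START_TLS = True

# Service account used for searches. It should be a read-only account, and the
# real password should not be committed to version control.
AUTH_LDAP_BIND_DN = '${yourbinddn}'
AUTH_LDAP_BIND_PASSWORD = '${yourpasswd}'

# Look the login name up by cn anywhere below ou=people.
AUTH_LDAP_USER_SEARCH = LDAPSearch(
    'ou=people,dc=${yourdc},dc=${yourdc}',
    ldap.SCOPE_SUBTREE,
    '(cn=%(user)s)',
)

# NOTE(review): the group search base is empty; most directories need the DN
# of the subtree that holds the groups here -- confirm against your server.
AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
    '',
    ldap.SCOPE_SUBTREE,
    '(objectClass=groupOfUniqueNames)'
)
AUTH_LDAP_GROUP_TYPE = GroupOfUniqueNamesType()

# None means no group restriction: every entry matched by the user search that
# binds successfully can log in. Set a group DN to limit who gets access.
AUTH_LDAP_REQUIRE_GROUP = None
AUTH_LDAP_DENY_GROUP = None

# NOTE(review): 'email' is filled from cn; many directories keep the address
# in 'mail' instead -- confirm which attribute holds it in yours.
AUTH_LDAP_USER_ATTR_MAP = {
    'username': 'cn',
    'email': 'cn'
}

AUTH_LDAP_FIND_GROUP_PERMS = True
# Group membership is cached for an hour, so removing a user from an LDAP
# group can take up to that long to be seen.
AUTH_LDAP_CACHE_GROUPS = True
AUTH_LDAP_GROUP_CACHE_TIMEOUT = 3600

AUTH_LDAP_DEFAULT_SENTRY_ORGANIZATION = u'Sentry'
# Default role for a user who matches none of the groups in the mapping below.
# Kept at the lowest role so that an ordinary directory account does not become
# an organization admin on first login; elevation comes from group membership.
AUTH_LDAP_SENTRY_ORGANIZATION_ROLE_TYPE = 'member'
AUTH_LDAP_SENTRY_SUBSCRIBE_BY_DEFAULT = True
#AUTH_LDAP_ALWAYS_UPDATE_USER = False

# Sentry role -> LDAP group names that grant it. Replace the example group
# names with groups that exist in your directory.
AUTH_LDAP_SENTRY_GROUP_ROLE_MAPPING = {
    'owner': ['sysadmins'],
    'admin': ['devleads'],
    'member': []
}
# NOTE(review): presumably gives new members access to all teams in the
# organization -- confirm against the plugin documentation.
AUTH_LDAP_SENTRY_ORGANIZATION_GLOBAL_ACCESS = True
AUTH_LDAP_SENTRY_USERNAME_FIELD = 'cn'

# Try LDAP in addition to the backends Sentry already has configured.
AUTHENTICATION_BACKENDS = AUTHENTICATION_BACKENDS + (
    'sentry_ldap_auth.backend.SentryLdapBackend',
    'django.contrib.auth.backends.ModelBackend',
)

import logging
logger = logging.getLogger('django_auth_ldap')
logger.addHandler(logging.StreamHandler())
# DEBUG output exposes directory details (DNs, search filters, group lookups)
# in the web process logs. Raise it to 'DEBUG' only while troubleshooting.
logger.setLevel('WARNING')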
sentry用户角色表是:sentry_organizationmember,可以直接在db里改用户的角色
参考:sentry-ldap-auth