The work here is based on slafs' sentry repo and banno. This Dockerfile is an extension of the official Sentry Docker image, so any ENVIRONMENT variable documented there can be used here.

I guess that slafs stopped his work after Sentry released their official Docker image, but for some reason their image does not support LDAP stuff, so we merged both and made it work.

Environment variable name | Value |
---|---|
LDAP_BIND_DN | uid=sentry,ou=Systems,dc=server,dc=com |
LDAP_BIND_PASSWORD | feijoada |
LDAP_GROUP_TYPE | groupOfUniqueNames |
LDAP_MAP_FIRST_NAME | cn |
LDAP_SERVER | ldaps://ldap.server.com:636 |
LDAP_USER_DN | ou=Employees,dc=company,dc=com |
LDAP_USER_FILTER | =(&(objectClass=inetOrgPerson)(mail=%(user)s)) |
SENTRY_DB_NAME | sentry |
SENTRY_DB_PASSWORD | dbpasswd |
SENTRY_DB_USER | sentry |
SENTRY_EMAIL_HOST | email.relay.com |
SENTRY_EMAIL_PORT | 25 |
SENTRY_MEMCACHED_HOST | memcached_farm.server.com |
SENTRY_MEMCACHED_PORT | 11211 |
SENTRY_POSTGRES_HOST | postgres.server.com |
SENTRY_REDIS_HOST | redis.server.com |
SENTRY_REDIS_PORT | 11042 |
SENTRY_SECRET_KEY | secret_sentry_key_42 |
SENTRY_SERVER_EMAIL | [email protected] |
SENTRY_USE_LDAP | True |

Refer to the Sentry, Django, Celery and django-auth-ldap documentation for the meaning of each setting.

Environment variable name | Django/Sentry setting | Type | Default value | Description |
---|---|---|---|---|
SENTRY_USE_LDAP | | bool | False | if set to False all other LDAP settings are discarded |
LDAP_SERVER | AUTH_LDAP_SERVER_URI | | ldap://localhost | Example: ldaps://ldap.locaweb.com:639 |
LDAP_BIND_DN | AUTH_LDAP_BIND_DN | | '' | The user used to log in to LDAP; normally this is a system user, for example: uid=sentry,ou=Systems,dc=locaweb,dc=com |
LDAP_BIND_PASSWORD | AUTH_LDAP_BIND_PASSWORD | | '' | The password of the user |
LDAP_USER_DN | AUTH_LDAP_USER_SEARCH* | | REQUIRED! if you want to use LDAP auth | first argument of LDAPSearch (base_dn) when searching for users |
LDAP_USER_FILTER | AUTH_LDAP_USER_SEARCH* | | (&(objectClass=inetOrgPerson)(cn=%(user)s)) | third argument of LDAPSearch (filterstr) when searching for users |
LDAP_GROUP_DN | AUTH_LDAP_GROUP_SEARCH* | | '' | first argument of LDAPSearch (base_dn) when searching for groups |
LDAP_GROUP_FILTER | AUTH_LDAP_GROUP_SEARCH* | | (objectClass=groupOfUniqueNames) | third argument of LDAPSearch (filterstr) when searching for groups |
LDAP_GROUP_TYPE | AUTH_LDAP_GROUP_TYPE* | | '' | if set to 'groupOfUniqueNames' then AUTH_LDAP_GROUP_TYPE = GroupOfUniqueNamesType(); if set to 'posixGroup' then AUTH_LDAP_GROUP_TYPE = PosixGroupType() |
LDAP_REQUIRE_GROUP | AUTH_LDAP_REQUIRE_GROUP | | None | |
LDAP_DENY_GROUP | AUTH_LDAP_DENY_GROUP | | None | |
LDAP_MAP_FULL_NAME | AUTH_LDAP_USER_ATTR_MAP['first_name'] | | cn | Please make sure that this property has the full name of the user |
LDAP_MAP_MAIL | AUTH_LDAP_USER_ATTR_MAP['email'] | | mail | |
LDAP_SENTRY_USER_FIELD | | | mail | Which LDAP field will be used to create the Sentry username |
LDAP_GROUP_ACTIVE | AUTH_LDAP_USER_FLAGS_BY_GROUP['is_active'] | | '' | |
LDAP_GROUP_STAFF | AUTH_LDAP_USER_FLAGS_BY_GROUP['is_staff'] | | '' | |
LDAP_GROUP_SUPERUSER | AUTH_LDAP_USER_FLAGS_BY_GROUP['is_superuser'] | | '' | |
LDAP_FIND_GROUP_PERMS | AUTH_LDAP_FIND_GROUP_PERMS | bool | False | |
LDAP_CACHE_GROUPS | AUTH_LDAP_CACHE_GROUPS | bool | True | |
LDAP_GROUP_CACHE_TIMEOUT | AUTH_LDAP_GROUP_CACHE_TIMEOUT | int | 3600 | |
LDAP_LOGLEVEL | | | DEBUG | django_auth_ldap logger level (other values: NOTSET (to disable), INFO, WARNING, ERROR or CRITICAL) |
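
A pre-flight check for the variables in the table above, as an added example that is not part of this repository. The function name `check_env`, the finding format and the rule that only the string "True" enables LDAP are assumptions; the cleartext warning assumes no StartTLS is configured (the table exposes no such variable), and the group rule reflects django-auth-ldap's requirement that group-based settings need a group search and a group type.

```python
from urllib.parse import urlsplit

# Defaults and allowed values copied from the settings table in this README.
DEFAULTS = {"SENTRY_USE_LDAP": "False", "LDAP_SERVER": "ldap://localhost",
            "LDAP_USER_FILTER": "(&(objectClass=inetOrgPerson)(cn=%(user)s))",
            "LDAP_LOGLEVEL": "DEBUG"}
GROUP_TYPES = {"groupOfUniqueNames", "posixGroup"}
LOG_LEVELS = {"NOTSET", "DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL"}
GROUP_DEPENDENT = ("LDAP_REQUIRE_GROUP", "LDAP_DENY_GROUP", "LDAP_GROUP_ACTIVE",
                   "LDAP_GROUP_STAFF", "LDAP_GROUP_SUPERUSER")
# Placeholder secrets from the README's example table; never deploy them.
SAMPLE_SECRETS = {"LDAP_BIND_PASSWORD": "feijoada", "SENTRY_DB_PASSWORD": "dbpasswd",
                  "SENTRY_SECRET_KEY": "secret_sentry_key_42"}


def check_env(env):
    """Return sorted 'LEVEL VAR: message' findings for a dict of env vars."""
    def get(key):
        return env.get(key) or DEFAULTS.get(key, "")

    out = [f"ERROR {k}: README sample value in use"
           for k, v in SAMPLE_SECRETS.items() if env.get(k) == v]
    # Assumption: the image enables LDAP only for the string "True" (any case).
    if get("SENTRY_USE_LDAP").lower() != "true":
        return sorted(out)  # every other LDAP_* setting is discarded
    if not get("LDAP_USER_DN"):
        out.append("ERROR LDAP_USER_DN: required when LDAP auth is enabled")
    url = urlsplit(get("LDAP_SERVER"))
    if url.scheme != "ldaps" and url.hostname not in ("localhost", "127.0.0.1", "::1"):
        out.append("WARN LDAP_SERVER: not ldaps://, passwords cross the network in cleartext")
    flt = get("LDAP_USER_FILTER")
    if "%(user)s" not in flt or flt.count("(") != flt.count(")"):
        out.append("ERROR LDAP_USER_FILTER: needs %(user)s and balanced parentheses")
    if get("LDAP_GROUP_TYPE") and get("LDAP_GROUP_TYPE") not in GROUP_TYPES:
        out.append("ERROR LDAP_GROUP_TYPE: must be groupOfUniqueNames or posixGroup")
    used = [k for k in GROUP_DEPENDENT if get(k)]
    if used and not (get("LDAP_GROUP_DN") and get("LDAP_GROUP_TYPE")):
        out.append(f"ERROR {used[0]}: needs LDAP_GROUP_DN and LDAP_GROUP_TYPE")
    if get("LDAP_LOGLEVEL") not in LOG_LEVELS:
        out.append("ERROR LDAP_LOGLEVEL: unknown level")
    return sorted(out)


# Constructed sample: README example values with the server downgraded to ldap://.
SAMPLE = {"SENTRY_USE_LDAP": "True", "LDAP_SERVER": "ldap://ldap.server.com:389",
          "LDAP_BIND_PASSWORD": "feijoada", "LDAP_USER_DN": "ou=Employees,dc=company,dc=com"}

if __name__ == "__main__":
    print("\n".join(check_env(SAMPLE)))
```

Run it against the environment you intend to pass to the container, for example `check_env(dict(os.environ))`, and treat any `ERROR` finding as a reason not to start the container.
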
$ docker build -t "$DOCKER_REGISTRY_URL/sentry/sentry:8.22.0" .