LDAP身份验证在Graphite中不起作用

Question

LDAP身份验证在Graphite中不起作用

我已经在RHEL7服务器中安装了Graphite。我已经在Graphite local_settings.py中完成了LDAP配置

## LDAP / ActiveDirectory authentication setup
USE_LDAP_AUTH = True
LDAP_SERVER = "ldap-test.com"
LDAP_PORT = 389
#LDAP_USE_TLS = False

## Manual URI / query setup
LDAP_URI = "ldap://ldap-test.com:389"
LDAP_SEARCH_BASE = "ou=xxxxx,dc=zxxxx"
LDAP_BASE_USER = "uid=xxxx,ou=xxxxx,cn=xxxxx"
LDAP_BASE_PASS = "xxxxx"
LDAP_USER_QUERY = "(sAMAccountName=%s)"  #For Active Directory use "(sAMAccountName=%s)"

# User DN template to use for binding (and authentication) against the
# LDAP server. %(username) is replaced with the username supplied at
# graphite login.
LDAP_USER_DN_TEMPLATE = "cn=% (username),ou=xxxxx,dc=xxxxx"

# If you want to further customize the ldap connection options you should
# directly use ldap.set_option to set the ldap module's global options.
# For example:
#
#import ldap
#ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW) # Use #ldap.OPT_X_TLS_DEMAND to force TLS
#ldap.set_option(ldap.OPT_REFERRALS, 0) # Enable for Active Directory
#ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, "/etc/ssl/ca")
#ldap.set_option(ldap.OPT_X_TLS_CERTFILE, "/etc/ssl/mycert.pem")
#ldap.set_option(ldap.OPT_X_TLS_KEYFILE, "/etc/ssl/mykey.pem")
#ldap.set_option(ldap.OPT_DEBUG_LEVEL, 65535) # To enable verbose debugging
# See http://www.python-ldap.org/ for further details on these options.

Run Code Online (Sandbox Code Playgroud)

我还通过重启了石墨服务service uwsgi restart。当我尝试登录时，它抛出

“身份验证尝试失败，请确保您正确输入了登录名和密码”

在日志中，我也找不到错误消息。如何解决此问题。

按照下面的评论，我更新了位于石墨/ webapp /石墨中的views.py文件。

import traceback
from django.http import HttpResponseServerError
from django.template import loader


def server_error(request, template_name='500.html'):
  template = loader.get_template(template_name)
  context = {'stacktrace' : traceback.format_exc()}
  return HttpResponseServerError(template.render(context))

# Writing custom authentication backend
from django.contrib.auth.models import User
import ldap

# Writing my own logic for ldap authentication
def  verifyLogin(username=None, password=None):
  """Verifies credentials for username and password.
     Returns None on success or a string describing the error on failure
     # Adapt to your needs
  """
  if not username or not password:
     return 'Wrong username or password'
  LDAP_SERVER = 'XX.XX.XX'
  # fully qualified AD user name
  LDAP_USERNAME = 'uid=xx,ou=xx,cn=xx'
  # your password
  LDAP_PASSWORD = xxxxxxxxxx
  base_dn = 'ou=xx,dc=xx'
  ldap_filter = '(sAMAccountName=%s)'
  attrs = ['memberOf']
  try:
      # build a client
      ldap_client = ldap.initialize(LDAP_SERVER)
      # perform a synchronous bind
      ldap_client.set_option(ldap.OPT_REFERRALS,0)
      ldap_client.simple_bind_s(LDAP_USERNAME, LDAP_PASSWORD)
  except ldap.INVALID_CREDENTIALS:
      #print("wron")
      ldap_client.unbind()
      return 'Wrong username or password'
  except ldap.SERVER_DOWN:
      #print("down")
      return 'AD server not awailable'
      # get all user groups and store it in cerrypy session for future use
      ab = str(ldap_client.search_s(base_dn,
               ldap.SCOPE_SUBTREE, ldap_filter, attrs)[0][1]['memberOf'])
      #print("ab"+ab)
  ldap_client.unbind()
  return 'success

Run Code Online (Sandbox Code Playgroud)

'仍然出现相同的错误。

Answer 1

chi*_*oni 2

对于 LDAP 身份验证，请使用以下代码：

# Writing custom authentication backend
from django.contrib.auth.models import User
import ldap


    # Writing my own logic for ldap authentication
    def  verifyLogin(username=None, password=None):  
       """Verifies credentials for username and password.
        Returns None on success or a string describing the error on failure
        # Adapt to your needs
        """
       if not username or not password:
           return 'Wrong username or password'
       LDAP_SERVER = ''
       # fully qualified AD user name
       LDAP_USERNAME = '%s@spi.com' % username
       # your password
       LDAP_PASSWORD = password
       base_dn = 'DC=spi,DC=com'
       ldap_filter = 'userPrincipalName=%s@spi.com' % username
       attrs = ['memberOf']
       try:
           # build a client
           ldap_client = ldap.initialize(LDAP_SERVER)
           # perform a synchronous bind
           ldap_client.set_option(ldap.OPT_REFERRALS,0)
           ldap_client.simple_bind_s(LDAP_USERNAME, LDAP_PASSWORD)
       except ldap.INVALID_CREDENTIALS:
           #print("wron")
           ldap_client.unbind()
           return 'Wrong username or password'
       except ldap.SERVER_DOWN:
          #print("down")
          return 'AD server not awailable'
          # all is well
          # get all user groups and store it in cerrypy session for future use
          ab = str(ldap_client.search_s(base_dn,
                   ldap.SCOPE_SUBTREE, ldap_filter, attrs)[0][1]['memberOf'])
          #print("ab"+ab)              
       ldap_client.unbind()
       return 'success'

Run Code Online (Sandbox Code Playgroud)

归档时间：	6 年，6 月前
查看次数：	108 次
最近记录：	6 年，5 月前