LDAP authentication is not working in Graphite

Time: 2019-05-28 12:01:37

Tags: django python-3.x graphite

I have installed Graphite on a RHEL7 server. I have completed the LDAP configuration in Graphite's local_settings.py:

## LDAP / ActiveDirectory authentication setup
USE_LDAP_AUTH = True
LDAP_SERVER = "ldap-test.com"
LDAP_PORT = 389
#LDAP_USE_TLS = False

## Manual URI / query setup
LDAP_URI = "ldap://ldap-test.com:389"
LDAP_SEARCH_BASE = "ou=xxxxx,dc=zxxxx"
LDAP_BASE_USER = "uid=xxxx,ou=xxxxx,cn=xxxxx"
LDAP_BASE_PASS = "xxxxx"
LDAP_USER_QUERY = "(sAMAccountName=%s)"  #For Active Directory use "(sAMAccountName=%s)"

# User DN template to use for binding (and authentication) against the
# LDAP server. %(username) is replaced with the username supplied at
# graphite login.
LDAP_USER_DN_TEMPLATE = "cn=% (username),ou=xxxxx,dc=xxxxx"

# If you want to further customize the ldap connection options you should
# directly use ldap.set_option to set the ldap module's global options.
# For example:
#
#import ldap
#ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW) # Use #ldap.OPT_X_TLS_DEMAND to force TLS
#ldap.set_option(ldap.OPT_REFERRALS, 0) # Enable for Active Directory
#ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, "/etc/ssl/ca")
#ldap.set_option(ldap.OPT_X_TLS_CERTFILE, "/etc/ssl/mycert.pem")
#ldap.set_option(ldap.OPT_X_TLS_KEYFILE, "/etc/ssl/mykey.pem")
#ldap.set_option(ldap.OPT_DEBUG_LEVEL, 65535) # To enable verbose debugging
# See http://www.python-ldap.org/ for further details on these options.

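I have also restarted the Graphite service with service uwsgi restart. When I try to log in, it throws

"Authentication attempt failed, please make sure you entered your login and password correctly"

I cannot find any error message in the logs either. How can I resolve this issue?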

1 answer:

Answer 0: (score: 2)

For LDAP authentication, use the following code:

# Writing custom authentication backend
from django.contrib.auth.models import User
import ldap
from ldap.filter import escape_filter_chars


# Writing my own logic for ldap authentication
def verifyLogin(username=None, password=None):
    """Verifies credentials for username and password.
    Returns 'success' on success or a string describing the error on failure
    # Adapt to your needs
    """
    if not username or not password:
        return 'Wrong username or password'
    # LDAP URI of the AD server; fill in for your environment
    LDAP_SERVER = ''
    # fully qualified AD user name
    LDAP_USERNAME = '%s@spi.com' % username
    # your password
    LDAP_PASSWORD = password
    base_dn = 'DC=spi,DC=com'
    # escape the username so it cannot alter the search filter
    ldap_filter = 'userPrincipalName=%s@spi.com' % escape_filter_chars(username)
    attrs = ['memberOf']
    try:
        # build a client
        ldap_client = ldap.initialize(LDAP_SERVER)
        # perform a synchronous bind
        ldap_client.set_option(ldap.OPT_REFERRALS, 0)
        ldap_client.simple_bind_s(LDAP_USERNAME, LDAP_PASSWORD)
    except ldap.INVALID_CREDENTIALS:
        ldap_client.unbind()
        return 'Wrong username or password'
    except ldap.SERVER_DOWN:
        return 'AD server not available'
    # all is well
    # get all user groups and store it in cherrypy session for future use
    ab = str(ldap_client.search_s(base_dn,
             ldap.SCOPE_SUBTREE, ldap_filter, attrs)[0][1]['memberOf'])
    ldap_client.unbind()
    return 'success'
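
An offline pre-flight check for the settings shown in the question, as an added example that is not part of the original post or of Graphite's own code. It assumes the DN template and user query are expanded with Python %-formatting (as the `%(username)` comment in the settings suggests) and that an absent LDAP_USE_TLS means no StartTLS; `check_ldap_settings`, `escape_filter_value` and the probe user name are hypothetical.

```python
# Added example: static checks for Graphite-style LDAP settings (not Graphite code).
# Characters RFC 4515 requires to be escaped inside an LDAP filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a user-supplied value before placing it in an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def check_ldap_settings(cfg, probe_user="jdoe"):
    """Return a list of findings for a dict of LDAP settings (hypothetical helper)."""
    findings = []
    template = cfg.get("LDAP_USER_DN_TEMPLATE")
    if template is not None:
        try:
            # Assumption: expanded as template % {"username": <login name>}.
            dn = template % {"username": probe_user}
        except (ValueError, TypeError, KeyError) as exc:
            findings.append("LDAP_USER_DN_TEMPLATE does not expand: %s" % exc)
        else:
            if probe_user not in dn:
                findings.append("LDAP_USER_DN_TEMPLATE ignores the username")
    try:
        expanded = cfg.get("LDAP_USER_QUERY", "") % escape_filter_value(probe_user)
    except (ValueError, TypeError) as exc:
        findings.append("LDAP_USER_QUERY does not expand: %s" % exc)
    else:
        if expanded.count("(") != expanded.count(")"):
            findings.append("LDAP_USER_QUERY has unbalanced parentheses")
    # A simple bind over ldap:// without StartTLS sends the password unencrypted.
    uri = cfg.get("LDAP_URI", "")
    if uri.lower().startswith("ldap://") and not cfg.get("LDAP_USE_TLS", False):
        findings.append("ldap:// without LDAP_USE_TLS: bind password is sent in cleartext")
    return findings


# Constructed input mirroring the question's settings (placeholders kept as posted).
QUESTION_CFG = {
    "LDAP_URI": "ldap://ldap-test.com:389",
    "LDAP_USER_QUERY": "(sAMAccountName=%s)",
    "LDAP_USER_DN_TEMPLATE": "cn=% (username),ou=xxxxx,dc=xxxxx",
}

if __name__ == "__main__":
    for finding in check_ldap_settings(QUESTION_CFG):
        print("-", finding)
```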