个人中心
gpt4 book ai didi

django - LDAP 身份验证在 Graphite 中不起作用

转载 作者:行者123 更新时间:2023-12-02 06:39:10 28 4
gpt4 key购买 nike

我已经在 RHEL7 服务器中安装了 Graphite。我已经在 Graphite local_settings.py 中完成了 LDAP 配置

## LDAP / ActiveDirectory authentication setup
USE_LDAP_AUTH = True
LDAP_SERVER = "ldap-test.com"
LDAP_PORT = 389
#LDAP_USE_TLS = False

## Manual URI / query setup
LDAP_URI = "ldap://ldap-test.com:389"
LDAP_SEARCH_BASE = "ou=xxxxx,dc=zxxxx"
LDAP_BASE_USER = "uid=xxxx,ou=xxxxx,cn=xxxxx"
LDAP_BASE_PASS = "xxxxx"
LDAP_USER_QUERY = "(sAMAccountName=%s)"  #For Active Directory use "(sAMAccountName=%s)"

# User DN template to use for binding (and authentication) against the
# LDAP server. %(username) is replaced with the username supplied at
# graphite login.
LDAP_USER_DN_TEMPLATE = "cn=% (username),ou=xxxxx,dc=xxxxx"

# If you want to further customize the ldap connection options you should
# directly use ldap.set_option to set the ldap module's global options.
# For example:
#
#import ldap
#ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW) # Use #ldap.OPT_X_TLS_DEMAND to force TLS
#ldap.set_option(ldap.OPT_REFERRALS, 0) # Enable for Active Directory
#ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, "/etc/ssl/ca")
#ldap.set_option(ldap.OPT_X_TLS_CERTFILE, "/etc/ssl/mycert.pem")
#ldap.set_option(ldap.OPT_X_TLS_KEYFILE, "/etc/ssl/mykey.pem")
#ldap.set_option(ldap.OPT_DEBUG_LEVEL, 65535) # To enable verbose debugging
# See http://www.python-ldap.org/ for further details on these options.

我还通过 service uwsgi restart 重新启动了 Graphite 服务。当我尝试登录时,它抛出

"Authentication Attempt Failed,please make sure you entered your login and password correctly"

在日志中我也找不到错误消息。如何解决这个问题。

根据下面的评论,我更新了位于 Graphite /webapp/graphite 中的views.py 文件。

import traceback
from django.http import HttpResponseServerError
from django.template import loader


def server_error(request, template_name='500.html'):
  template = loader.get_template(template_name)
  context = {'stacktrace' : traceback.format_exc()}
  return HttpResponseServerError(template.render(context))

# Writing custom authentication backend
from django.contrib.auth.models import User
import ldap

# Writing my own logic for ldap authentication
def  verifyLogin(username=None, password=None):
  """Verifies credentials for username and password.
     Returns None on success or a string describing the error on failure
     # Adapt to your needs
  """
  if not username or not password:
     return 'Wrong username or password'
  LDAP_SERVER = 'XX.XX.XX'
  # fully qualified AD user name
  LDAP_USERNAME = 'uid=xx,ou=xx,cn=xx'
  # your password
  LDAP_PASSWORD = xxxxxxxxxx
  base_dn = 'ou=xx,dc=xx'
  ldap_filter = '(sAMAccountName=%s)'
  attrs = ['memberOf']
  try:
      # build a client
      ldap_client = ldap.initialize(LDAP_SERVER)
      # perform a synchronous bind
      ldap_client.set_option(ldap.OPT_REFERRALS,0)
      ldap_client.simple_bind_s(LDAP_USERNAME, LDAP_PASSWORD)
  except ldap.INVALID_CREDENTIALS:
      #print("wron")
      ldap_client.unbind()
      return 'Wrong username or password'
  except ldap.SERVER_DOWN:
      #print("down")
      return 'AD server not awailable'
      # get all user groups and store it in cerrypy session for future use
      ab = str(ldap_client.search_s(base_dn,
               ldap.SCOPE_SUBTREE, ldap_filter, attrs)[0][1]['memberOf'])
      #print("ab"+ab)
  ldap_client.unbind()
  return 'success

'仍然遇到同样的错误。

最佳答案

对于 LDAP 身份验证,请使用以下代码:

# Writing custom authentication backend
from django.contrib.auth.models import User
import ldap


    # Writing my own logic for ldap authentication
    def  verifyLogin(username=None, password=None):  
       """Verifies credentials for username and password.
        Returns None on success or a string describing the error on failure
        # Adapt to your needs
        """
       if not username or not password:
           return 'Wrong username or password'
       LDAP_SERVER = ''
       # fully qualified AD user name
       LDAP_USERNAME = '%s@spi.com' % username
       # your password
       LDAP_PASSWORD = password
       base_dn = 'DC=spi,DC=com'
       ldap_filter = 'userPrincipalName=%s@spi.com' % username
       attrs = ['memberOf']
       try:
           # build a client
           ldap_client = ldap.initialize(LDAP_SERVER)
           # perform a synchronous bind
           ldap_client.set_option(ldap.OPT_REFERRALS,0)
           ldap_client.simple_bind_s(LDAP_USERNAME, LDAP_PASSWORD)
       except ldap.INVALID_CREDENTIALS:
           #print("wron")
           ldap_client.unbind()
           return 'Wrong username or password'
       except ldap.SERVER_DOWN:
          #print("down")
          return 'AD server not awailable'
          # all is well
          # get all user groups and store it in cerrypy session for future use
          ab = str(ldap_client.search_s(base_dn,
                   ldap.SCOPE_SUBTREE, ldap_filter, attrs)[0][1]['memberOf'])
          #print("ab"+ab)              
       ldap_client.unbind()
       return 'success'

关于django - LDAP 身份验证在 Graphite 中不起作用,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/56341830/

28 4 0
文章推荐: sparql - 如何优化返回可选属性的 SPARQL 查询?
文章推荐: MATLAB 构造函数
文章推荐: gcc - .data.rel.ro 有何用途?
文章推荐: 没有 ID 字段或具有部分 NULL 复合字段的 Grails 域类
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com