 

LDAP Authentication not working in Graphite

I have installed Graphite on a RHEL7 server and configured LDAP in Graphite's local_settings.py:

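## LDAP / ActiveDirectory authentication setup
USE_LDAP_AUTH = True
LDAP_SERVER = "ldap-test.com"
LDAP_PORT = 389
# NOTE(review): with TLS left off and an ldap:// URI on port 389, the bind DN,
# the bind password and every login password cross the network in cleartext.
# Prefer ldaps:// or LDAP_USE_TLS = True with certificate verification.
#LDAP_USE_TLS = False

## Manual URI / query setup
LDAP_URI = "ldap://ldap-test.com:389"
LDAP_SEARCH_BASE = "ou=xxxxx,dc=zxxxx"
LDAP_BASE_USER = "uid=xxxx,ou=xxxxx,cn=xxxxx"
# The service-account password sits in this file in plaintext: keep the file
# readable only by the Graphite service user and give the account read-only
# directory rights.
LDAP_BASE_PASS = "xxxxx"
LDAP_USER_QUERY = "(sAMAccountName=%s)"  #For Active Directory use "(sAMAccountName=%s)"

# User DN template to use for binding (and authentication) against the
# LDAP server. %(username)s is replaced with the username supplied at
# graphite login. The placeholder is a Python mapping format key and must be
# written exactly as %(username)s: a space after the % or a missing trailing
# "s" makes the substitution fail.
# NOTE(review): graphite-web appears to bind directly with this DN and the
# login password whenever the template is set, instead of using
# LDAP_BASE_USER / LDAP_BASE_PASS with LDAP_USER_QUERY. For Active Directory
# lookups by sAMAccountName, leaving the template unset may be what is
# wanted -- confirm against the installed graphite-web version.
LDAP_USER_DN_TEMPLATE = "cn=%(username)s,ou=xxxxx,dc=xxxxx"

# If you want to further customize the ldap connection options you should
# directly use ldap.set_option to set the ldap module's global options.
# For example:
#
# OPT_X_TLS_ALLOW lets the session continue even when the server certificate
# is missing or fails verification; use ldap.OPT_X_TLS_DEMAND to require a
# valid certificate.
#import ldap
#ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_ALLOW)
#ldap.set_option(ldap.OPT_REFERRALS, 0) # Enable for Active Directory
#ldap.set_option(ldap.OPT_X_TLS_CACERTDIR, "/etc/ssl/ca")
#ldap.set_option(ldap.OPT_X_TLS_CERTFILE, "/etc/ssl/mycert.pem")
#ldap.set_option(ldap.OPT_X_TLS_KEYFILE, "/etc/ssl/mykey.pem")
#ldap.set_option(ldap.OPT_DEBUG_LEVEL, 65535) # To enable verbose debugging; switch off again after troubleshooting
# See http://www.python-ldap.org/ for further details on these options.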

I also restarted the Graphite service with `service uwsgi restart`. When I try to log in, it shows:

"Authentication Attempt Failed,please make sure you entered your login and password correctly"

I can't find any error messages in the logs either. How can I fix this issue?

As per below comment, I have updated the views.py file located in graphite/webapp/graphite.

import traceback
from django.http import HttpResponseServerError
from django.template import loader


def server_error(request, template_name='500.html'):
  """Build the HTTP 500 response from the given template.

  The template is rendered with a single context entry, 'stacktrace',
  holding the formatted traceback of the exception being handled.

  NOTE(review): whether the stack trace reaches the browser depends on what
  the 500 template prints; a trace shown to unauthenticated users discloses
  file paths and code internals, so confirm the template only exposes it
  where that is intended.
  """
  page_template = loader.get_template(template_name)
  rendered = page_template.render({'stacktrace': traceback.format_exc()})
  return HttpResponseServerError(rendered)

# Writing custom authentication backend
from django.contrib.auth.models import User
import ldap

# Writing my own logic for ldap authentication
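def verifyLogin(username=None, password=None):
  """Check a login against the directory and report the outcome as a string.

  Returns 'success' only when the directory accepts a bind as the user's own
  entry with the supplied password; otherwise returns a short message
  describing the failure. Adapt the connection constants to your site.
  """
  # Reject empty values before any bind: a simple bind that carries a DN but
  # an empty password is an unauthenticated bind, which a server may accept.
  if not username or not password:
    return 'Wrong username or password'

  # Local import: the file-level imports only bring in the top-level package.
  from ldap.filter import escape_filter_chars

  # Must be a full LDAP URI (ldap://host:389 or, preferably, ldaps://host:636).
  LDAP_SERVER = 'XX.XX.XX'
  # Service account used only to look the user up (placeholder values).
  LDAP_USERNAME = 'uid=xx,ou=xx,cn=xx'
  LDAP_PASSWORD = 'xxxxxxxxxx'
  base_dn = 'ou=xx,dc=xx'
  ldap_filter = '(sAMAccountName=%s)'
  # memberOf comes back with the entry for callers that later add a group
  # check; it is not used for the credential check itself.
  attrs = ['memberOf']

  ldap_client = ldap.initialize(LDAP_SERVER)
  try:
    ldap_client.set_option(ldap.OPT_REFERRALS, 0)
    # The service-account bind proves nothing about the caller; it only
    # gives the search below the rights to find the user's entry.
    ldap_client.simple_bind_s(LDAP_USERNAME, LDAP_PASSWORD)
    # Escape the login name so characters such as * ( ) \ cannot change
    # the meaning of the search filter.
    found = ldap_client.search_s(base_dn, ldap.SCOPE_SUBTREE,
                                 ldap_filter % escape_filter_chars(username),
                                 attrs)
    # Referral results carry no DN; keep real entries only.
    user_dns = [dn for dn, _entry in found if dn]
    if len(user_dns) != 1:
      # Unknown or ambiguous name: same message as a bad password, so the
      # reply does not reveal which accounts exist.
      return 'Wrong username or password'
    # The login counts only if the user's own DN binds with the supplied
    # password.
    ldap_client.simple_bind_s(user_dns[0], password)
  except ldap.INVALID_CREDENTIALS:
    return 'Wrong username or password'
  except ldap.SERVER_DOWN:
    return 'AD server not awailable'
  finally:
    # Release the connection on every path.
    ldap_client.unbind()
  return 'success'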

Still getting the same error.

user2439278 Avatar asked Oct 28 '22 13:10



1 Answers

For the ldap authentication use this code:

# Writing custom authentication backend
from django.contrib.auth.models import User
import ldap


    # Writing my own logic for ldap authentication
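    def verifyLogin(username=None, password=None):
        """Verify a username and password by binding to Active Directory.

        Returns 'success' when the directory accepts a bind as the user with
        the supplied password; otherwise returns a string describing the
        failure. Adapt the server URI and the domain suffix to your needs.
        """
        # Reject empty values before any bind: a simple bind that carries a
        # name but an empty password is an unauthenticated bind, which a
        # server may accept.
        if not username or not password:
            return 'Wrong username or password'
        # Fill in the directory URI; prefer ldaps://host:636 so the password
        # is not sent in cleartext.
        LDAP_SERVER = ''
        # Fully qualified AD user name (userPrincipalName).
        # NOTE(review): the domain suffix in the published snippet was
        # mangled by e-mail obfuscation; 'spi.com' is assumed from the
        # DC=spi,DC=com search base it was published with -- confirm.
        LDAP_USERNAME = '%s@spi.com' % username
        # The password typed at login.
        LDAP_PASSWORD = password
        # build a client
        ldap_client = ldap.initialize(LDAP_SERVER)
        try:
            ldap_client.set_option(ldap.OPT_REFERRALS, 0)
            # perform a synchronous bind as the user; success of this call is
            # the credential check
            ldap_client.simple_bind_s(LDAP_USERNAME, LDAP_PASSWORD)
            # A group lookup (memberOf) can be added here with search_s while
            # the connection is bound; pass the username through
            # ldap.filter.escape_filter_chars before placing it in a filter.
        except ldap.INVALID_CREDENTIALS:
            return 'Wrong username or password'
        except ldap.SERVER_DOWN:
            return 'AD server not awailable'
        finally:
            # Release the connection on every path.
            ldap_client.unbind()
        return 'success'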
chirag soni Avatar answered Oct 31 '22 08:10
