Also, the login works for him on Icinga which uses the same groups, and finally, i can't login on Graphite myself either it seems. I simply get a "wrong password" reply but i'm using the same credentials as on Icinga which works fine.
that said, for Coren it works. and:
# LDAP authentication AuthName "WMF Labs (use wiki login name not shell)" AuthType Basic AuthBasicProvider ldap AuthLDAPBindDN cn=proxyagent,ou=profile,dc=wikimedia,dc=org AuthLDAPBindPassword XXXXXXXXXXX AuthLDAPURL "ldaps://ldap-eqiad.wikimedia.org ldap-codfw.wikimedia.org/ou=people,dc=wikimedia,dc=org?cn" <LimitExcept OPTIONS> Require ldap-group cn=ops,ou=groups,dc=wikimedia,dc=org Require ldap-group cn=nda,ou=groups,dc=wikimedia,dc=org Require ldap-group cn=wmf,ou=groups,dc=wikimedia,dc=org </LimitExcept>
@Eevans are you clicking the "login" button in the upper right corner in the UI itself and then get the error? like i did? that doesn't work. but as RobH points out the initial pop-up auth from Apache works and is hooked up to LDAP. after that, regardless of the additional login link, you should already be able to see data when you uncollapse the tree on the left hand side.