Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Active Directory Issues
See original GitHub issueCurrently having issues configuring the authenticator. I am receiving the fall through error message of Failed Login for xxxx (See below for logs).
Versions:
jupyterhub==0.8.1 jupyterlab==0.33.4 jupyterhub-ldapauthenticator==1.2.2
jupyterhub.log
[D 2018-08-07 15:27:37.989 JupyterHub ldapauthenticator:299] TYPE= 'True'
[D 2018-08-07 15:27:37.990 JupyterHub ldapauthenticator:223] Looking up user with
search_base=<OU>,
search_filter='(sAMAccountName=<user>)', attributes=sAMAccountName
[W 2018-08-07 15:27:38.335 JupyterHub ldapauthenticator:379] Invalid password for user <user>
[W 2018-08-07 15:27:38.335 JupyterHub base:351] Failed login for <user>
Config:
c.JupyterHub.authenticator_class = 'ldapauthenticator.LDAPAuthenticator'
c.LDAPAuthenticator.server_address = "ldaps://<serverAddress>l"
c.LDAPAuthenticator.lookup_dn = True
c.LDAPAuthenticator.bind_dn_template = []
c.LDAPAuthenticator.lookup_dn_search_filter = '({login_attr}={login})'
c.LDAPAuthenticator.lookup_dn_search_user = <Bind User>
c.LDAPAuthenticator.lookup_dn_search_password = '<Bind Pass'
c.LDAPAuthenticator.user_search_base = '<OU>'
c.LDAPAuthenticator.user_attribute = 'sAMAccountName'
c.LDAPAuthenticator.lookup_dn_user_dn_attribute = 'cn'
c.LDAPAuthenticator.escape_userdn = False
c.LDAPAuthenticator.use_ssl = True
c.LDAPAuthenticator.allowed_groups = []
I can successfully use ldap utils to query the AD Server, the account in question for bind is used elsewhere without issue (not locked out) and the OU’s have all been double checked.
I have tried ldap with use_ssl = False, and ldaps with use_ssl = False. Tried leaving out the ldap from server. The logs above are with --debug and/or c.JupyterHub.log_level = ‘DEBUG’ Any Suggestions ?
Issue Analytics
- State:
- Created 5 years ago
- Comments:7
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Sorry, I’m out of ideas then I can only recommend stepping through the code in a debugger such as PyCharm to try and figure out what the problem is.
At the end of the day it’s calling down into
ldap3so if you can find what works by calling that library directly you can probably find out what is going wrong.@CraigInches If you are not sure if to use port 389 or port 636(SSL) try and see from the jupyterhub server if you can form a connection, for example telnet ldaps://AD_SERVER_ADDRESS 636 or ldap://AD_SERVER_ADDRESS 389 Then just use which one connects.
Here is a pseudocode for using ldap3 straight, names match the jupyterhub-ldapauthenticator variable names:
You can see when you print conn.entries[0] what the bind_dn_template for the users you want is. then just replace the cn=someuser with cn={username} but keep the OU= and DC= parts. You can have many bind_dn_template, you can put them all in as list of strings.