Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
ldap3.core.exceptions.LDAPStartTLSError
See original GitHub issueBug description
LDAP authentication works just fine with JupyterHub version 0.9.x and this configuration:
auth:
type: ldap
ldap:
server:
address: ldap.example.org
dn:
templates:
- 'uid={username},ou=People,dc=example,dc=org'
However, I found that versions 0.10+ of JupyterHub produce the following error in the hub’s pod:
ldap3.core.exceptions.LDAPStartTLSError: ('wrap socket error: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1123)',)
with the equivalent LDAP configuration
hub:
config:
JupyterHub:
authenticator_class: ldapauthenticator.LDAPAuthenticator
LDAPAuthenticator:
bind_dn_template:
- uid={username},ou=People,dc=example,dc=org
server_address: ldap.example.org
Expected behaviour
Our LDAP server hasn’t changed so we would expect ldapauthenticator version 1.3.2 to work like version 1.3.0.
Actual behaviour
LDAP authentication with ldapauthenticator version 1.3.2 shouldn’t produce the exception above.
How to reproduce
- Configure
values.yamlwith LDAP authentication - Deploy JupyterHub version 0.10 or above
- Try to login to JupyterHub after deployment
- See error with
kubectl logs pod/hub-69fdcf79b7-xr946 | grep -i ldap
Your personal set up
-
OS: Kubernetes cluster deployed with Magnum on OpenStack Train OS: fedora-coreos-32.20200629.3.0
-
Version(s): JupyterHub 0.9 installs
ldapauthenticatorversion 1.3.0 JupyterHub 0.10 installsldapauthenticatorversion 1.3.2 JupyterHub 0.11 installsldapauthenticatorversion 1.3.2
I am always using zero-to-jupyterhub deployment.
Issue Analytics
- State:
- Created 3 years ago
- Comments:17 (7 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
I got the same issue solved by this https://stackoverflow.com/questions/61568215/openssl-v1-1-1-ubuntu-20-tlsv1-no-protocols-available
yaml file like this:
put the “tls1.cnf” into k8s node
in my case sloved, hope helpful.
I am not sure who to include into this discussion who has deeper insights into the specifica of ldap3 and their underlying libraries. This ldapauthenticator library is only scratching at the surface. Only little configuration is offered to the users.
I have heard of people who took another path: They used the default authenticator of JupyterHub and they configured the Linux login procedure in a way that it used LDAP for authentication. You could google
ldap pam authentication linuxand then check which of the solutions might be applicable in your case. That would be an option of how to bypass this problem.