Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

ldap3.core.exceptions.LDAPStartTLSError: automatic start_tls befored bind not successful

See original GitHub issue

Bug description

A JupyterHub configuration that has worked in the past stopped working after I have pulled the newest library versions.

Expected behaviour

My previous configuration continues to work.

Actual behaviour

LDAP login leads to the exception ldap3.core.exceptions.LDAPStartTLSError: automatic start_tls befored bind not successful with the following stacktrace

[E 2020-08-10 16:12:04.735 JupyterHub web:1670] Uncaught exception POST /hub/login?next= (134.28.117.8)
    HTTPServerRequest(protocol='http', host='XXXX', method='POST', uri='/hub/login?next=', version='HTTP/1.1', remote_ip='134.28.117.8')
    Traceback (most recent call last):
      File "/opt/conda/lib/python3.6/site-packages/tornado/web.py", line 1592, in _execute
        result = yield result
      File "/opt/conda/lib/python3.6/site-packages/jupyterhub/handlers/login.py", line 81, in post
        user = await self.login_user(data)
      File "/opt/conda/lib/python3.6/site-packages/jupyterhub/handlers/base.py", line 473, in login_user
        authenticated = await self.authenticate(data)
      File "/opt/conda/lib/python3.6/site-packages/jupyterhub/auth.py", line 257, in get_authenticated_user
        authenticated = await maybe_future(self.authenticate(handler, data))
      File "/opt/conda/lib/python3.6/types.py", line 248, in wrapped
        coro = func(*args, **kwargs)
      File "/opt/conda/lib/python3.6/site-packages/ldapauthenticator/ldapauthenticator.py", line 382, in authenticate
        conn = self.get_connection(userdn, password)
      File "/opt/conda/lib/python3.6/site-packages/ldapauthenticator/ldapauthenticator.py", line 315, in get_connection
        server, user=userdn, password=password, auto_bind=auto_bind
      File "/opt/conda/lib/python3.6/site-packages/ldap3/core/connection.py", line 356, in __init__
        self._do_auto_bind()
      File "/opt/conda/lib/python3.6/site-packages/ldap3/core/connection.py", line 391, in _do_auto_bind
        raise LDAPStartTLSError(error)
    ldap3.core.exceptions.LDAPStartTLSError: automatic start_tls befored bind not successful

How to reproduce

I used the simple config lines:

c.JupyterHub.authenticator_class = 'ldapauthenticator.LDAPAuthenticator'
c.LDAPAuthenticator.server_address = 'ldaps://XXX'
c.LDAPAuthenticator.bind_dn_template = [
    "uid={username},ou=people,dc=XXX,dc=de"
]
c.LDAPAuthenticator.use_ssl = True

Your personal set up

  • OS: Ubuntu
  • Version: latest

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Comments:28 (19 by maintainers)

github_iconTop GitHub Comments

2reactions
manicscommented, Aug 13, 2020

I’ve just released https://pypi.org/project/jupyterhub-ldapauthenticator/1.3.1/ with @1kastner’s PR to limit the version of ldap3. Hopefully we’ll have a proper fix soon.

2reactions
guillaumeebcommented, Aug 11, 2020

I’ll try redeploying my Jupyterhub and pinning ldap3 lib to 2.7 version to see if it works. Thanks for the analysis.

Pinning ldap3 to 2.7 in the Python environment where the Jupyterhub is started did the trick for me.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Python ldap3 - LDAPStartTLSError: startTLS failed - unavailable
I'm using a plain username: user="Domain\\User". I've tried auto-bind when settings the connection and It worked, but the problem is the conn.
Read more >
LDAP Not working: LDAPStartTLSError
Hi! Trying to setup a new Z2JH kubernetes cluster updated to the latest versions of jupyter hub and jupyterlab. But LDAP authentication appears...
Read more >
The BIND operation — ldap3 2.9.1 documentation
The bind() method will open the connection if not already open. The Bind operation allows credentials to be exchanged between the client and...
Read more >
jupyterhub/jupyterhub - Gitter
i have some problems using ldapauthenticator, always getting ldap3.core.exceptions.LDAPStartTLSError: automatic start_tls befored bind not successful. any ...
Read more >
ldapsearch Fails to Connect With LDAP Server With "TLS ...
Root Cause. STARTTLS and SSL connections cannot be used at the same time. STARTTLS is an extension to plain text communication protocols, ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Add `auto_bind` config option

Next page

Allowed groups doesn't work because user cn and memberuid are not same