Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Using ldapauthenticator #264

Closed
MarkusTeufelberger opened this issue Nov 8, 2017 · 6 comments
Closed

Using ldapauthenticator #264

MarkusTeufelberger opened this issue Nov 8, 2017 · 6 comments
Labels
enhancement
Milestone
0.7

Comments

@MarkusTeufelberger
Copy link

As I spent several hours on getting this to run, this is how one can use https://github.com/jupyterhub/ldapauthenticator with this project:

  1. clone this repository and edit the Dockerfile of the "hub" image, adding git+https://github.com/jupyterhub/ldapauthenticator@a8bc231 to the first pip3 call (the one installing lots of dependencies. The version from pypi is one year old and semms to have caused some issues, but that might have been different problems. It definitely is worth giving the released version a try, I decided to change to the most recent commit in the middle of debugging and didn't go back.
  2. Build the hub docker image that now also contains the ldap authenticator and push it to whereever your cluster gets its images from
  3. edit the config for this chart to contain an auth: section like this:
# Enable LDAP auth
# Requires https://github.com/jupyterhub/ldapauthenticator in the "hub" Docker image
auth:
  type: custom
  custom:
    className: ldapauthenticator.LDAPAuthenticator
    config:
      server_address: ldap.example.com
      bind_dn_template:
        - '{username}'
      use_ssl: false
      lookup_dn: false
      escape_userdn: false

The big issue that caused a lot of confusion on my end was that the keys in custom: are NOT like the documentation at https://github.com/jupyterhub/ldapauthenticator/blob/master/README.md but they are already dropped into the correct part of the configuration by https://github.com/jupyterhub/zero-to-jupyterhub-k8s/blob/master/images/hub/jupyterhub_config.py#L188. To be clear: While the documentation is written as if the key should be LDAPAuthenticator.server_address or even c.LDAPAuthenticator.server_address, it actually must be server_address and the config loader will automatically put it in the LDAPAuthenticator section of the jupyterhub config. These settings are of course specific to your environment, the big issue for me was that they never were actually getting applied and the errors that were logged due to this were less than helpful.
4. Add the hub image that you built to the hub: image: section
5. Add whatever other configuration you need and deploy away

Things that will NOT work (easily):

  • Using the released image and just running pip3 install jupyterhub-ldapauthenticator in there to get your new hub image - you need to be root to do that, since root owns a few folders that you would need. You can write a Dockerfile with USER statements before and after the pip3 install I guess, I personally found it easy enough to just build the upstream one instead of using it as base layer.
  • Just expanding the config file. While I guess it could work, it sounds like asking for trouble in my opinion.

Hopefully this helps people who want LDAP authentication enabled for their jupyterhub instance on Kubernetes.
@yuvipanda yuvipanda added this to the 0.6 milestone Jan 9, 2018
@stevebuckingham
Copy link

This was massively helpful. Thanks!

@choldgraf choldgraf mentioned this issue Jan 12, 2018
Closed
@yuvipanda yuvipanda modified the milestones: 0.6, 0.7 Jan 22, 2018
@yuvipanda
Copy link
Collaborator

Thank you very much for these instructions!

I have untagged 0.6, since it's only a few days away and I don't think we can add native support for this by then. We will try to get this in for 0.7! Patches welcome :)

@willingc
Copy link
Collaborator

I've added a link to this issue in the Zero to JupyterHub wiki resources so that others may discover this helpful info more easily. Thanks for the write up.

@yuvipanda Is there any dev work still needed here?

@yuvipanda
Copy link
Collaborator

yuvipanda commented Feb 27, 2018 via email

@manics
Copy link
Member

manics commented Apr 16, 2018

I too assumed LDAP was already available till I tried to enable it. I'll have a go at adding it if no one else has.

@manics manics mentioned this issue Apr 16, 2018
Merged
@manics
Copy link
Member

manics commented Apr 16, 2018

#649

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
0.7
Development

No branches or pull requests
5 participants
@yuvipanda @MarkusTeufelberger @manics @willingc @stevebuckingham