Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support LDAP login (LDAPAuthenticator) #649

Merged
merged 7 commits into from
Apr 24, 2018
Merged

Support LDAP login (LDAPAuthenticator) #649

merged 7 commits into from
Apr 24, 2018

Conversation

manics
Copy link
Member

@manics manics commented Apr 16, 2018
edited
Loading

Closes #264

Based on https://github.com/jupyterhub/ldapauthenticator/blob/1bb93f3ad258fdcc464c5e5c88f36005ae579ce0/README.md
I've tried to follow the general pattern in jupyterhub_config.py when naming LDAP parameters but not everything is clear to me.

LDAPAuthenticator seems to have many more parameters than the other auth providers, so I added a new function set_config_if_not_none in z2jh.py to make it easier to keep the built-in defaults from LDAPAuthenticator when a value isn't overridden.

I've only tested this with my own setup:

auth:
  type: ldap
  ldap:
    server:
      address: ldap.EXAMPLE.org
      port: 389
      ssl: False
    dn:
      templates:
        - 'cn={username},ou=edir,ou=people,ou=EXAMPLE-UNIT,o=EXAMPLE'
    allowedGroups:
      - 'cn=example-group,ou=groups,ou=EXAMPLE-UNIT,o=EXAMPLE'

Warning: I have not tested the other parameters, in particular the active directory setup from https://github.com/jupyterhub/ldapauthenticator/blob/1bb93f3ad258fdcc464c5e5c88f36005ae579ce0/README.md#active-directory-integration is untested by me.

@manics manics mentioned this pull request Apr 16, 2018
Closed
@manics
Copy link
Member Author

manics commented Apr 17, 2018
edited
Loading

The equivalent of the example given in https://github.com/jupyterhub/ldapauthenticator/blob/1bb93f3ad258fdcc464c5e5c88f36005ae579ce0/README.md#active-directory-integration should be

auth:
  ldap:
    dn:
      lookup: true
      search:
        filter: '({login_attr}={login})'
        user: 'ldap_search_user_technical_account'
        password: 'secret'
        dnAttribute: 'cn'
      user:
        searchBase: 'ou=people,dc=wikimedia,dc=org'
        escape: False
        attribute: 'sAMAccountName'

@manics manics mentioned this pull request Apr 18, 2018
Merged
@yuvipanda
Copy link
Collaborator

Thanks, @manics! I'll merge this once tests pass.

Can you add a doc page about this too? That'd be awesome!

@yuvipanda yuvipanda merged commit a123fc1 into jupyterhub:master Apr 24, 2018
@manics manics deleted the ldap branch April 26, 2018 02:36
@manics manics mentioned this pull request Apr 28, 2018
Merged
@manics manics mentioned this pull request May 9, 2018
Closed
@manics manics mentioned this pull request Jun 14, 2018
Closed
@manics manics mentioned this pull request Aug 15, 2018
Closed
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@manics @yuvipanda