-
Notifications
You must be signed in to change notification settings - Fork 177
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ldap3.core.exceptions.LDAPStartTLSError #194
Comments
This issue has been mentioned on Jupyter Community Forum. There might be relevant details there: https://discourse.jupyter.org/t/ldap3-core-exceptions-ldapstarttlserror/7935/3 |
@sebastian-luna-valero could you also report the installed versions of the ldap3 module for each JupyterHub version? |
@1kastner sorry, could you please provide steps to get that info? |
@sebastian-luna-valero You need to launch the very same Python the JupyterHub is running with. Then you can simply import the library and check its version number. Just the first google hit: https://stackoverflow.com/questions/20180543/how-to-check-version-of-python-modules |
Thanks. I am deploying JupyterHub on kubernetes, how can I check it in that case? |
Please check that yourself, I have no access to a kubernetes setup. |
Hi, I think these are the answers:
For future reference, here are the commands to check:
I hope that helps. Best regards, |
Maybe you can have a look at #186 which looks very similar. Check whether your ldap server uses SSL or START_TLS. Maybe you can just play with |
Hi, Our LDAP server uses START_TLS and when I add
I get:
On the other hand, adding
Best regards, |
Sorry then I can't help you. Maybe you can have a look at cannatag/ldap3#855 and the applied changes as described in #186 (comment). It seems like the ldapauthanticator library needs some changes so that it uses the ldap3 library correctly. |
Hi, I tried applying the patch and I got the same exception. Best regards, |
Hi, I have reported this issue and got feedback here cannatag/ldap3#925 (comment) Could I ask where is the relevant JupyterHub config to negotiate secure connection with the LDAP server? I couldn't find an answer in https://zero-to-jupyterhub.readthedocs.io or https://github.com/jupyterhub/ldapauthenticator/blob/master/README.md Best regards, |
Check ldapauthenticator/ldapauthenticator/ldapauthenticator.py Lines 307 to 317 in 31d70f8
|
Hi, Following steps here: https://ldap3.readthedocs.io/en/latest/tutorial_intro.html#establishing-a-secure-connection The following commands work on both:
Does this help troubleshoot our issue? Best regards, |
I am not sure who to include into this discussion who has deeper insights into the specifica of ldap3 and their underlying libraries. This ldapauthenticator library is only scratching at the surface. Only little configuration is offered to the users. I have heard of people who took another path: They used the default authenticator of JupyterHub and they configured the Linux login procedure in a way that it used LDAP for authentication. You could google |
This issue has been mentioned on Jupyter Community Forum. There might be relevant details there: https://discourse.jupyter.org/t/ldap3-core-exceptions-ldapstarttlserror/7935/5 |
I got the same issue yaml file like this:
put the "tls1.cnf" into k8s node in my case sloved, hope helpful. |
Closing in favor of #259 |
Bug description
LDAP authentication works just fine with JupyterHub version 0.9.x and this configuration:
However, I found that versions 0.10+ of JupyterHub produce the following error in the hub’s pod:
with the equivalent LDAP configuration
Expected behaviour
Our LDAP server hasn't changed so we would expect
ldapauthenticator
version 1.3.2 to work like version 1.3.0.Actual behaviour
LDAP authentication with
ldapauthenticator
version 1.3.2 shouldn't produce the exception above.How to reproduce
values.yaml
with LDAP authenticationkubectl logs pod/hub-69fdcf79b7-xr946 | grep -i ldap
Your personal set up
OS:
Kubernetes cluster deployed with Magnum on OpenStack Train
OS: fedora-coreos-32.20200629.3.0
Version(s):
JupyterHub 0.9 installs
ldapauthenticator
version 1.3.0JupyterHub 0.10 installs
ldapauthenticator
version 1.3.2JupyterHub 0.11 installs
ldapauthenticator
version 1.3.2I am always using
zero-to-jupyterhub
deployment.The text was updated successfully, but these errors were encountered: