[go: nahoru, domu]
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Debugging connection issues #116

Open
dhirschfeld opened this issue Feb 7, 2019 · 3 comments
Open

Debugging connection issues #116

dhirschfeld opened this issue Feb 7, 2019 · 3 comments

Comments

@dhirschfeld
Copy link
Collaborator
dhirschfeld commented Feb 7, 2019
edited
Loading

It can be useful to use the underlying ldap3 library to ensure the configuration is correct. This can be done as shown below:

server = ldap3.Server(server_address, port=389, use_ssl=False)
conn = ldap3.Connection(server, user=lookup_dn_search_user, password=lookup_dn_search_password, auto_bind=ldap3.AUTO_BIND_NO_TLS)
is_bound = conn.bind()
assert is_bound
conn.search(
    search_base=user_search_base,
    search_scope=ldap3.SUBTREE,
    search_filter='(sAMAccountName=dhirschfeld)',
    attributes=ldap3.ALL_ATTRIBUTES
)
conn.response[0]
resp = conn.response[0]
print(resp['attributes'][lookup_dn_user_dn_attribute])
@dhirschfeld dhirschfeld mentioned this issue Feb 8, 2019
Open
@Cronan
Copy link
Cronan commented Mar 12, 2019

How does the above code map to the config?

The following works with my server:

import ldap3
server = ldap3.Server("my-ldap.ad.server.com", port=389, use_ssl=False)
conn = ldap3.Connection(server, user="my_ldap@ad.server.com", password="super_secret", auto_bind=ldap3.AUTO_BIND_NO_TLS)
is_bound=conn.bind()
conn.search(search_base="DC=ad,DC=server,DC=com", search_scope=ldap3.SUBTREE,search_filter='(sAMAccountName=bbloggs)',attributes=ldap3.ALL_ATTRIBUTES)
resp = conn.response[0]
print(resp['attributes']['cn'])
Blogs, Bill
print(resp['attributes']['uid'])
bblogs

My jupyterhub config is as follows:

auth:
  type: ldap
  ldap:
    server:
      address: my-ldap.ad.server.com:389
    dn:
      lookup: true
      search:
        filter: '({login_attr}={login})'
        user: 'my_ldap@ad.server.com'
        password: 'super_secret'
      user:
        searchBase: 'DC=ad,DC=server,DC=com'
        escape: False
        attribute: 'sAMAccountName'
        dnAttribute: 'cn'

I still get the following error:
ldapauthenticator:379] Invalid password for user bbloggs

@mannevijayakrishna
Copy link

can you please go thru the documentation and try it works for me.

https://github.com/jupyterhub/ldapauthenticator

@Cronan
Copy link
Cronan commented Mar 13, 2019
edited
Loading

can you please go thru the documentation and try it works for me.

https://github.com/jupyterhub/ldapauthenticator

Found it. It's all down to the templates - you need to get samples of several users from your target ldap and look at their dn entries.

Debugging this is quite hard, this code has no tests and a bare-bones main example.

@dhirschfeld dhirschfeld mentioned this issue Oct 25, 2019
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Cronan @dhirschfeld @mannevijayakrishna