You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I previously got some help on #130 that solved the problem I was facing at the time. However, when I went to deploy out to our internal development environment (versus the VM setup I had on my local system), I hit a snag.
This fails to authenticate users like myself when I try to log in with the following error message:
Aug 08 20:52:20 ip-10-50-194-182 python3[17747]: [D 2019-08-08 20:52:20.889 JupyterHub ldapauthenticator:299] TYPE= 'False'
Aug 08 20:52:20 ip-10-50-194-182 python3[17747]: [D 2019-08-08 20:52:20.889 JupyterHub ldapauthenticator:223] Looking up user with search_base=OU=DAPPUsers,DC=dapp,DC=moxie,DC=local, search_filter='(sAMAccountName=nclemons)', attributes=sAMAccountName
Aug 08 20:52:20 ip-10-50-194-182 python3[17747]: [D 2019-08-08 20:52:20.941 JupyterHub ldapauthenticator:278] Attempting to bind nclemons with CN=Nathan Clemons,OU=DAPPUsers,DC=dapp,DC=moxie,DC=local
Aug 08 20:52:20 ip-10-50-194-182 python3[17747]: [D 2019-08-08 20:52:20.942 JupyterHub ldapauthenticator:333] Status of user bind nclemons with CN=Nathan Clemons,OU=DAPPUsers,DC=dapp,DC=moxie,DC=local : False
Aug 08 20:52:20 ip-10-50-194-182 python3[17747]: LDAPBindError: automatic bind not successful - invalidCredentials
Aug 08 20:52:20 ip-10-50-194-182 python3[17747]: [W 2019-08-08 20:52:20.942 JupyterHub ldapauthenticator:379] Invalid password for user nclemons
This is because the full path for my user account is actually CN=Nathan Clemons,OU=MCS,OU=Users,OU=DAPPUsers,DC=dapp,DC=moxie,DC=local instead of CN=Nathan Clemons,OU=DAPPUsers,DC=dapp,DC=moxie,DC=local. But I can't set the template to the MCS OU because some of the non-admin users will be in another OU (ENG in this case). I verified this in my VM setup by creating an OU underneath what I was setting the base and template to, and it failed after I moved my test account into that new OU.
I am suspecting that the problem is not with my user_search_base, but instead is with my bind_dn_template, since it does appear that it's successfully finding my account since it's managed to look up my full name from the username. Is there another macro that I can use in the bind_dn_template to pass the full OU path to the retrieved user account?
The text was updated successfully, but these errors were encountered:
The bind_dn_template can be a list of templates to try - if one works the the user is authenticated. So just pass a template for each of the possible variations of allowed users
I previously got some help on #130 that solved the problem I was facing at the time. However, when I went to deploy out to our internal development environment (versus the VM setup I had on my local system), I hit a snag.
My TLJH config is as so:
This fails to authenticate users like myself when I try to log in with the following error message:
This is because the full path for my user account is actually
CN=Nathan Clemons,OU=MCS,OU=Users,OU=DAPPUsers,DC=dapp,DC=moxie,DC=local
instead ofCN=Nathan Clemons,OU=DAPPUsers,DC=dapp,DC=moxie,DC=local
. But I can't set the template to the MCS OU because some of the non-admin users will be in another OU (ENG in this case). I verified this in my VM setup by creating an OU underneath what I was setting the base and template to, and it failed after I moved my test account into that new OU.I am suspecting that the problem is not with my
user_search_base
, but instead is with mybind_dn_template
, since it does appear that it's successfully finding my account since it's managed to look up my full name from the username. Is there another macro that I can use in thebind_dn_template
to pass the full OU path to the retrieved user account?The text was updated successfully, but these errors were encountered: