Cannot login to LDAP after Migration to Kubernetes

Hi,
I’ve just migrated my JupyterHub installation to a K3s Cluster using the Zero to JupyerHub Helm chart. Unfortunately, the hub pod cannot connect to the ldap (AD) server.

I get this from the server

File "/usr/local/lib/python3.8/dist-packages/ldap3/core/tls.py", line 289, in _start_tls
        raise start_tls_exception_factory(e)(connection.last_error)
    ldap3.core.exceptions.LDAPStartTLSError: wrap socket error: [Errno 104] Connection reset by peer

I use the same hub config in Kubernetes as for the standalone python installation, I just put it into the config.yaml

JupyterHub:
      authenticator_class: ldapauthenticator.LDAPAuthenticator
    LDAPAuthenticator:
      server_address: xx
      lookup_dn: true
      user_search_base: dc=xx,dc=xx,dc=local
      user_attribute: sAMAccountName
      lookup_dn_user_dn_attribute: cn
      lookup_dn_search_filter: ({login_attr}={login})
      lookup_dn_search_user: xx
      lookup_dn_search_password:xx
      use_ssl: False

I also dumped the tcp packages on the node. It connects with its public ip to correct ldap server ip and port, but the ldap resets the connection.

I cannot find any difference between the pod’s communication to ldap and the communication of the standalone installation :confused:

Are you using the same version of LDAPAuthenticator on both deployments?

Yes, I use 1.3.2 in both

Do you have any firewalls that might restrict communication with the LDAP server? Can you see any error messages in the LDAP server?

The firewall on the k3s node/master ist disabled. I haven’t any logs from the server, yet. I don’t administrate it. The node tries to connect to ldap on the same ip and port, so there shouldn’t be any other firewalls between or something else.

After further testing I can say, that Kubernetes and containers in general don’t cause the problem.

It depends on the installation of jupyterhub. When I use pip to install it, the connection to LDAP doesn’t work. Using conda it works. Both installations use the same ldapauthenticator, ldap3 and jupyterhub version.