How to query an LDAP server after AzureAD Authentication in a Z2JH environment?

Hello, members.

Goal

I would like to query an LDAP server after AzureAD Authentication in a Z2JH environment.
It is necessary to set some parameters like NB_UID, NB_GID, CHOWN_HOME and so on.

I succeeded with AzureAD authentication.

Questions

Could you tell me how to call a hook method like pre_spawn_start?

I found the following message, so it uses the AzureAdOAuthenticatorInfo class.
[I 2024-09-25 13:10:15.006 JupyterHub app:2889] Using Authenticator: builtins.AzureAdOAuthenticatorInfo

I expect pre_spawn_start ********************* to show in the log file, but it doesn’t show in the log.

Configuration example

debug:
  enabled: true
hub:
  config:
    Authenticator:
      enable_auth_state: true
      allowed_users:
        - alice@example.com
    AzureAdOAuthenticator:
      client_id: "client_id"
      client_secret: "secret"
      oauth_callback_url: https://example.com/hub/oauth_callback
      tenant_id: tenant_id
      scope:
      - openid
      - profile
      username_claim: "unique_name"
    #JupyterHub:
    #  authenticator_class: azuread
  extraConfig:
    SpawnerCustomConfig: |
      from oauthenticator.azuread import AzureAdOAuthenticator
      from hashlib import md5

      class AzureAdOAuthenticatorInfo(AzureAdOAuthenticator):
          async def pre_spawn_start(self, user, spawner):
              self.log.debug(f"pre_spawn_start *********************")
              auth_state = await user.get_auth_state()

              self.log.debug(f"pre_spawn_start *********************")
              self.log.debug(f"pre_spawn_start auth_state: {auth_state}")
              self.log.debug(f"pre_spawn_start *********************")

      c.JupyterHub.authenticator_class = AzureAdOAuthenticatorInfo

Environment

  • Jupyterhub: 3.1.0
  • App Version: 4.0.2
  • k8s: v1.28.2
  • OS: Ubuntu 22.04

You’re logging at debug level, which is hidden by default. Try enabling debug logging.

If that doesn’t work then try logging at a level that should definitely be shown, e.g. error.

Hello, @manics. Thank you for your reply.

The log message showed pre_spawn_start ********************* without any modification. (I don’t know why, but it was probably related to some operation I missed.)
(I had already enabled the debug parameter.)

Finally, I configured it like the one below. It is working well.

Thanks.

debug:
  enabled: true
hub:
  config:
    Authenticator:
      enable_auth_state: true
    AzureAdOAuthenticator:
      client_id: "clientid"
      client_secret: "secret"
      oauth_callback_url: https://host/hub/oauth_callback
      tenant_id: tenant_id
      scope:
      - openid
      - profile
  extraConfig:
    SpawnerCustomConfig: |
      from oauthenticator.azuread import AzureAdOAuthenticator
      from ldap3 import Server, Connection, ALL, SUBTREE
      from hashlib import md5

      class AzureAdOAuthenticatorInfo(AzureAdOAuthenticator):
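          async def authenticate(self, handler, data=None):
              user_info = await super().authenticate(handler, data)
              # auth_state carries the OAuth tokens, so this debug line writes them to the hub log
              self.log.debug(f"user_info user_info: {user_info}")
              if not user_info:
                  # Azure AD authentication failed; nothing to look up
                  return None

              email = user_info.get('auth_state', {}).get('user', {}).get('email')

              # LDAP setting write here
              # .. SNIP

              # `entry` is the LDAP result produced by the snipped lookup above
              auth_state = user_info['auth_state']
              auth_state['uidNumber'] = str(entry.uidNumber)
              auth_state['gidNumber'] = str(entry.gidNumber)

              # authenticate() must return the user model, otherwise the login is rejected
              return user_info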

          async def pre_spawn_start(self, user, spawner):
              auth_state = await user.get_auth_state()

              if not auth_state:
                  # auth_state not enabled
                  return

              self.log.info(f"pre_spawn_start *********************")
              self.log.debug(f"pre_spawn_start auth_state: {auth_state}")

              #spawner.environment["NB_USER"] = username
              spawner.environment["NB_UID"] = auth_state['uidNumber']
              spawner.environment["NB_GID"] = auth_state['gidNumber']

      c.Authenticator.allow_all = True
      c.JupyterHub.authenticator_class = AzureAdOAuthenticatorInfo
1 Like
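
The LDAP lookup itself is snipped in the final configuration above. As an added example (not the poster's code and not part of JupyterHub or OAuthenticator), this sketch shows the two checks that step needs: escaping the email claim before it goes into the search filter, and validating `uidNumber`/`gidNumber` before they become `NB_UID`/`NB_GID`. The `mail` attribute, the `posixAccount` object class, the `min_id` floor of 1000, the `search` callable and the sample directory rows are assumptions made for illustration.

```python
import re

# Constructed rows standing in for the real LDAP directory (assumption).
SAMPLE_DIRECTORY = [
    {"mail": "alice@example.com", "uidNumber": "1001", "gidNumber": "1001"},
    {"mail": "root@example.com", "uidNumber": "0", "gidNumber": "0"},
]

# RFC 4515 special characters and their escaped forms.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a claim value so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_mail_filter(email):
    # Attribute and object class are assumptions; adjust to the directory schema.
    return f"(&(objectClass=posixAccount)(mail={escape_filter_value(email)}))"


def fake_search(ldap_filter):
    """Hypothetical stand-in for the LDAP search; understands only the filter above."""
    m = re.fullmatch(r"\(&\(objectClass=posixAccount\)\(mail=(.*)\)\)", ldap_filter)
    return [e for e in SAMPLE_DIRECTORY if m and escape_filter_value(e["mail"]) == m.group(1)]


def resolve_posix_ids(email, search, min_id=1000):
    """Return (uidNumber, gidNumber) as strings for exactly one entry, else raise."""
    if not email:
        raise ValueError("no email claim in auth_state")
    entries = search(build_mail_filter(email))
    if len(entries) != 1:
        raise ValueError(f"expected 1 LDAP entry, got {len(entries)}")
    ids = []
    for attr in ("uidNumber", "gidNumber"):
        raw = str(entries[0].get(attr, ""))
        # ASCII digits only, and never below min_id: uid 0 is root.
        if not re.fullmatch(r"[0-9]{1,10}", raw) or int(raw) < min_id:
            raise ValueError(f"refusing {attr}={raw!r}")
        ids.append(raw)
    return tuple(ids)


if __name__ == "__main__":
    print(resolve_posix_ids("alice@example.com", fake_search))
```

With ldap3, `ldap3.utils.conv.escape_filter_chars` performs the same escaping, and `search` would wrap `Connection.search`; raising from `authenticate` fails the login instead of spawning with unchecked IDs.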