LDAP Authenticator error 500 creating user

Can anyone help please?

After configuring LDAP authenticator, users with spaces in the CN value, like “CN=John Smith” log in and receive an error.

_"500 : Internal Server Error
Error in Authenticator.pre_spawn_start: CalledProcessError Command ‘[‘useradd’, ‘–create-home’, ‘jupyter-john smith-eccf8’]’ returned non-zero exit status 3.

You can try restarting your server from the home page."_

How to reproduce

Configure Jupyter Hub with the following ldap authentication options and use a user with a space in their CN.

c.authenticator_class = 'ldapauthenticator.LDAPAuthenticator'
c.LDAPAuthenticator.server_address = 'contoso.com'
c.LDAPAuthenticator.lookup_dn = True
c.LDAPAuthenticator.lookup_dn_search_filter = '({login_attr}={login})'
c.LDAPAuthenticator.lookup_dn_search_user = '<snip>'
c.LDAPAuthenticator.lookup_dn_search_password = '<snip>'
c.LDAPAuthenticator.user_search_base = 'OU=users,DC=contoso,DC=com'
c.LDAPAuthenticator.user_attribute = 'sAMAccountName'
c.LDAPAuthenticator.lookup_dn_user_dn_attribute = 'cn'
c.LDAPAuthenticator.escape_userdn = True
c.LDAPAuthenticator.bind_dn_template = '{username}'
c.LDAPAuthenticator.use_lookup_dn_username = True

Using TLJH

  • OS:

  • Version(s): lsb_release -a
    Distributor ID: Ubuntu
    Description: Ubuntu 18.04.5 LTS
    Release: 18.04
    Codename: bionic

For clarity we are using TLJH and here is the config we used.

sudo tljh-config set auth.LDAPAuthenticator.server_address = ‘contoso.com
sudo tljh-config set auth.LDAPAuthenticator.lookup_dn = True
sudo tljh-config set auth.LDAPAuthenticator.lookup_dn_search_filter = ‘({login_attr}={login})’
sudo tljh-config set auth.LDAPAuthenticator.lookup_dn_search_user = ‘’
sudo tljh-config set auth.LDAPAuthenticator.lookup_dn_search_password = ‘’
sudo tljh-config set auth.LDAPAuthenticator.user_search_base = ‘OU=users,DC=contoso,DC=com’
sudo tljh-config set auth.LDAPAuthenticator.user_attribute = ‘sAMAccountName’
sudo tljh-config set auth.LDAPAuthenticator.lookup_dn_user_dn_attribute = ‘cn’
sudo tljh-config set auth.LDAPAuthenticator.escape_userdn = True
sudo tljh-config set auth.LDAPAuthenticator.bind_dn_template = ‘{username}’
sudo tljh-config set auth.LDAPAuthenticator.use_lookup_dn_username = True

@yuvipanda - I’d really appreciate your thoughts pretty pls?