sluna
February 13, 2021, 8:51am
1
Hi,
JupyterHub version 0.9.x works just fine with this LDAP authentication configuration
auth:
type: ldap
ldap:
server:
address: ldap.example.org
dn:
templates:
- 'uid={username},ou=People,dc=example,dc=org'
However, I found that versions 0.10+ of JupyterHub produce the following error in the hub’s pod:
ldap3.core.exceptions.LDAPStartTLSError: ('wrap socket error: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1123)',)
with the equivalent LDAP configuration
hub:
config:
JupyterHub:
authenticator_class: ldapauthenticator.LDAPAuthenticator
LDAPAuthenticator:
bind_dn_template:
- uid={username},ou=People,dc=example,dc=org
server_address: ldap.example.org
Does anyone know why?
Many thanks,
Well, the ldapauthenticator relies on ldap3 and probably one year ago they did some major changes in their library API. This in turn led to changes in how the the ldapauthicator uses the library. Could it be that for JupyterHub 0.9 just a lower ldapauthenticator or ldap3 library version is pinned? So that with a newer JupyterHub version you automatically updated these two libraries as well?
Therefore, please provide your library versions before and after the update. I guess it is the best to create an issue in the ldapauthenticator github repo.
sluna
February 15, 2021, 9:48am
3
1 Like
Hi @sluna
I am facing the same issue with openldap integration on Jupyterhub, were you able to resolve the issue?
Regards,
sluna
April 27, 2021, 10:42am
5
Hi,
Sorry, I wasn’t able to narrow down the root cause of the issue.
I followed it up with no success in the following threads, in case it helps:
opened 09:47AM - 15 Feb 21 UTC
bug
### Bug description
LDAP authentication works just fine with JupyterHub ver… sion 0.9.x and this configuration:
```
auth:
type: ldap
ldap:
server:
address: ldap.example.org
dn:
templates:
- 'uid={username},ou=People,dc=example,dc=org'
```
However, I found that versions 0.10+ of JupyterHub produce the following error in the hub’s pod:
```
ldap3.core.exceptions.LDAPStartTLSError: ('wrap socket error: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1123)',)
```
with the equivalent LDAP configuration
```
hub:
config:
JupyterHub:
authenticator_class: ldapauthenticator.LDAPAuthenticator
LDAPAuthenticator:
bind_dn_template:
- uid={username},ou=People,dc=example,dc=org
server_address: ldap.example.org
```
#### Expected behaviour
Our LDAP server hasn't changed so we would expect `ldapauthenticator` version 1.3.2 to work like version 1.3.0.
#### Actual behaviour
LDAP authentication with `ldapauthenticator` version 1.3.2 shouldn't produce the exception above.
### How to reproduce
1. Configure `values.yaml` with LDAP authentication
2. Deploy JupyterHub version 0.10 or above
3. Try to login to JupyterHub after deployment
4. See error with `kubectl logs pod/hub-69fdcf79b7-xr946 | grep -i ldap`
### Your personal set up
<!--
Tell us a little about the system you're using.
Please include information about how you installed,
e.g. are you using a distribution such as zero-to-jupyterhub or the-littlest-jupyterhub.
-->
- OS:
Kubernetes cluster deployed with Magnum on OpenStack Train
OS: fedora-coreos-32.20200629.3.0
- Version(s):
JupyterHub 0.9 installs `ldapauthenticator` version 1.3.0
JupyterHub 0.10 installs `ldapauthenticator` version 1.3.2
JupyterHub 0.11 installs `ldapauthenticator` version 1.3.2
I am always using `zero-to-jupyterhub` deployment.
opened 07:36AM - 26 Feb 21 UTC
external issue
question
Hi,
I am indirectly using `ldap3` to offer LDAP authentication on a JupyterHu… b deployment with kubernetes. I am always using the same LDAP server, and I have tested it with the following JupyterHub versions:
* JupyterHub 0.9.1 ships ldap3 version 2.7
* JupyterHub 0.10.6 ships ldap3 version 2.8.1
* JupyterHub 0.11.1 ships ldap3 version 2.8.1
I found that JupyterHub 0.9.1 with ldap3 version 2.7 works correctly with our LDAP server. However, JupyterHub deployments with ldap3 version 2.8.1 do not work and they throw the following exception:
```
ldap3.core.exceptions.LDAPStartTLSError: ('wrap socket error: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1123)',)
```
This issue has been previously reported in:
* https://github.com/jupyterhub/ldapauthenticator/issues/194
* https://discourse.jupyter.org/t/ldap3-core-exceptions-ldapstarttlserror/7935/2
I am not sure how to help solve this problem, any ideas?
Best regards,
Sebastian
Best regards,
Have you checked the ssl library manual? Is this exception well-known or is it a bug which might be worth reporting?
sluna
May 7, 2021, 9:42am
7
Hi,
I haven’t sorry. Could you please point me to right place? I will see if I can find something and report back.
Best regards,