manics
April 26, 2019, 9:57am
4
I’ve done this before. It requires this change to the LDAPAuthenticator .
You can then configure JupyterHub to extract the required LDAP attributes (username, UID), and pass them to the singleuser server by setting appropriate environment variables. If you start the singleuser server as root it will switch to that UID, which means it should be able to write to NFS as that user. I’ve written up some brief instructions:
README.md
# JupyterHub LDAP user id example
This is an example of configuring the [JupyterHub helm chart](https://github.com/jupyterhub/zero-to-jupyterhub-k8s) to run singleuser servers as an LDAP user.
It requires a modified LdapAuthenticator with this PR: https://github.com/jupyterhub/ldapauthenticator/pull/103.
Either build a custom JupyterHub Docker image with these changes, or define a new class in-line in the Hub configuration as done here.
In addition to the standard LDAPAuthenticator configuration you must set `user_info_attributes` to the properties you want to use which will depend on your LDAP server.
- `{LDAPAuthenticatorInfo or LDAPAuthenticator}.user_info_attributes = ['uid', 'uidNumber']`: in this example `uid` is the username and `uidNumber` is the UID.
- `auth.state` must be configured so the LDAP user properties can be passed to the singleuser server.show original
zero-to-jupyterhub-config.yml
hub:
cookieSecret: SECRET
db:
type: sqlite-memory
extraConfig: |
# In-line version of
# https://github.com/jupyterhub/ldapauthenticator/pull/103
import reshow original
2 Likes