"User %r not allowed" after successful LDAP authentication

I am trying to set up a simple JupyterHub setup on a single server. No k8s or anything. I am using LDAP, and the jupyter-ldapauthenticator for authentication.

LDAP auth seems to be working fine (I am getting “Status of user bind… : True”), but I then immediately get “User xx is not allowed” and no notebook starts up.

Does anyone know what would be causing the “User %r not allowed” error after LDAP succeeds? I see it in the auth.py file here, and have tried debugging through that, but have been unable to so far due to the way it is packaged.

Below are some sample logs I see during a user login (anonymized a bit):

```
Jul 03 16:46:33 myserver.net jupyterhub[69761]: [I 2024-07-03 16:46:33.600 JupyterHub log:192] 302 GET /user/myuser/api/contents?content=1&1720039593567 -> /hub/user/myuser/api/contents?content=1&1720039593567 (@10.13.40.73) 1.54ms
Jul 03 16:46:33 myserver.net jupyterhub[69761]: [I 2024-07-03 16:46:33.624 JupyterHub log:192] 302 GET /hub/user/myuser/api/contents?content=1&1720039593567 -> /hub/login?next=%2Fhub%2Fuser%2Fmyuser%2Fapi%2Fcontents%3Fcontent%3D1%261720039593567 (@10.13.40.73) 5.76ms
Jul 03 16:46:33 myserver.net jupyterhub[69761]: [I 2024-07-03 16:46:33.675 JupyterHub log:192] 200 GET /hub/login?next=%2Fhub%2Fuser%2Fmyuser%2Fapi%2Fcontents%3Fcontent%3D1%261720039593567 (@10.13.40.73) 35.03ms
Jul 03 16:46:35 myserver.net jupyterhub[69761]: [I 2024-07-03 16:46:35.587 JupyterHub log:192] 302 GET /user/myuser/api/kernels?1720039595568 -> /hub/user/myuser/api/kernels?1720039595568 (@10.13.40.73) 1.28ms
Jul 03 16:46:35 myserver.net jupyterhub[69761]: [I 2024-07-03 16:46:35.593 JupyterHub log:192] 302 GET /user/myuser/api/terminals?1720039595569 -> /hub/user/myuser/api/terminals?1720039595569 (@10.13.40.73) 1.16ms
Jul 03 16:46:35 myserver.net jupyterhub[69761]: [I 2024-07-03 16:46:35.610 JupyterHub log:192] 302 GET /hub/user/myuser/api/kernels?1720039595568 -> /hub/login?next=%2Fhub%2Fuser%2Fmyuser%2Fapi%2Fkernels%3F1720039595568 (@10.13.40.73) 3.15ms
Jul 03 16:46:35 myserver.net jupyterhub[69761]: [I 2024-07-03 16:46:35.613 JupyterHub log:192] 302 GET /hub/user/myuser/api/terminals?1720039595569 -> /hub/login?next=%2Fhub%2Fuser%2Fmyuser%2Fapi%2Fterminals%3F1720039595569 (@10.13.40.73) 2.57ms
Jul 03 16:46:35 myserver.net jupyterhub[69761]: [I 2024-07-03 16:46:35.629 JupyterHub log:192] 200 GET /hub/login?next=%2Fhub%2Fuser%2Fmyuser%2Fapi%2Fkernels%3F1720039595568 (@10.13.40.73) 3.01ms
Jul 03 16:46:35 myserver.net jupyterhub[69761]: [I 2024-07-03 16:46:35.632 JupyterHub log:192] 200 GET /hub/login?next=%2Fhub%2Fuser%2Fmyuser%2Fapi%2Fterminals%3F1720039595569 (@10.13.40.73) 2.60ms
Jul 03 16:46:38 myserver.net jupyterhub[69761]: [I 2024-07-03 16:46:38.569 JupyterHub log:192] 302 GET /user/myuser/api/sessions?1720039598549 -> /hub/user/myuser/api/sessions?1720039598549 (@10.13.40.73) 1.27ms
Jul 03 16:46:38 myserver.net jupyterhub[69761]: [I 2024-07-03 16:46:38.587 JupyterHub log:192] 302 GET /hub/user/myuser/api/sessions?1720039598549 -> /hub/login?next=%2Fhub%2Fuser%2Fmyuser%2Fapi%2Fsessions%3F1720039598549 (@10.13.40.73) 2.94ms
Jul 03 16:46:38 myserver.net jupyterhub[69761]: [I 2024-07-03 16:46:38.605 JupyterHub log:192] 200 GET /hub/login?next=%2Fhub%2Fuser%2Fmyuser%2Fapi%2Fsessions%3F1720039598549 (@10.13.40.73) 3.61ms
Jul 03 16:46:44 myserver.net jupyterhub[69761]: [D 2024-07-03 16:46:44.492 JupyterHub ldapauthenticator:256] Looking up user with:
Jul 03 16:46:44 myserver.net jupyterhub[69761]:         search_base = 'OU=UserAccounts,dc=xx,dc=mycompany,dc=net'
Jul 03 16:46:44 myserver.net jupyterhub[69761]:         search_filter = '(sAMAccountName=myuser)'
Jul 03 16:46:44 myserver.net jupyterhub[69761]:         attributes = 'sAMAccountName'
Jul 03 16:46:44 myserver.net jupyterhub[69761]: [D 2024-07-03 16:46:44.569 JupyterHub ldapauthenticator:379] Attempting to bind myuser with CN=Russ Warren,OU=OTT,OU=Regular,OU=UserAccounts,DC=xx,DC=mycompany,DC=net
Jul 03 16:46:47 myserver.net jupyterhub[69761]: [D 2024-07-03 16:46:47.841 JupyterHub ldapauthenticator:392] Status of user bind myuser with CN=Russ Warren,OU=OTT,OU=Regular,OU=UserAccounts,DC=xx,DC=mycompany,DC=net : True
Jul 03 16:46:47 myserver.net jupyterhub[69761]: [D 2024-07-03 16:46:47.841 JupyterHub ldapauthenticator:431] username:myuser Using dn CN=Russ Warren,OU=OTT,OU=Regular,OU=UserAccounts,DC=xx,DC=mycompany,DC=net
Jul 03 16:46:47 myserver.net jupyterhub[69761]: [W 2024-07-03 16:46:47.919 JupyterHub auth:705] User 'myuser' not allowed.
Jul 03 16:46:47 myserver.net jupyterhub[69761]: [W 2024-07-03 16:46:47.919 JupyterHub base:979] Failed login for myuser
Jul 03 16:46:47 myserver.net jupyterhub[69761]: [I 2024-07-03 16:46:47.922 JupyterHub log:192] 200 POST /hub/login?next=%2Fhub%2F (@10.13.40.73) 7091.82ms
Jul 03 16:46:47 myserver.net jupyterhub[69761]: [W 2024-07-03 16:46:47.922 JupyterHub metrics:385] Event loop was unresponsive for 7.10s!
Jul 03 16:46:47 myserver.net jupyterhub[69761]: [D 2024-07-03 16:46:47.931 JupyterHub log:192] 200 GET /hub/static/components/@fortawesome/fontawesome-free/webfonts/fa-solid-900.woff2 (@10.13.40.73) 7.92ms
```

FOUND IT.

The problem is that I’m running JupyterHub v5.0 (which I forgot to mention, as well as other important versions), and I had not seen that v5.0 flipped access defaults. Setting `allow_all = True` fixed things. I don’t want to admit how much time this took me to figure out. :frowning:

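An added example, not part of the original post or of JupyterHub: a small triage script that separates the two failure modes behind a "Failed login" line, an LDAP bind that fails versus a successful bind followed by the Hub's allow check rejecting the user. The sample lines are constructed on the pattern of the log above; the `: False` bind line is an assumed format.

```python
import re

# Constructed sample, modelled on the debug log lines in the post above.
SAMPLE_LOG = """\
[D 2024-07-03 16:46:47.841 JupyterHub ldapauthenticator:392] Status of user bind myuser with CN=Example User,OU=UserAccounts,DC=example,DC=net : True
[W 2024-07-03 16:46:47.919 JupyterHub auth:705] User 'myuser' not allowed.
[W 2024-07-03 16:46:47.919 JupyterHub base:979] Failed login for myuser
[D 2024-07-03 16:47:10.101 JupyterHub ldapauthenticator:392] Status of user bind other with CN=Other User,OU=UserAccounts,DC=example,DC=net : False
[W 2024-07-03 16:47:10.150 JupyterHub base:979] Failed login for other
"""

BIND = re.compile(r"Status of user bind (\S+) with .* : (True|False)\s*$")
DENIED = re.compile(r"User '([^']+)' not allowed")
FAILED = re.compile(r"Failed login for (\S+)\s*$")


def classify_logins(log_text):
    """Return [(username, verdict)] for every 'Failed login' line."""
    bind_ok = {}    # username -> result of the most recent LDAP bind
    denied = set()  # users rejected by the Hub's allow check since that bind
    results = []
    for line in log_text.splitlines():
        if m := BIND.search(line):
            bind_ok[m.group(1)] = m.group(2) == "True"
            denied.discard(m.group(1))
        elif m := DENIED.search(line):
            denied.add(m.group(1))
        elif m := FAILED.search(line):
            user = m.group(1)
            if bind_ok.get(user) and user in denied:
                verdict = "authorization"   # credentials accepted, allow rules said no
            elif bind_ok.get(user) is False:
                verdict = "authentication"  # the LDAP bind itself failed
            else:
                verdict = "unknown"         # no bind line seen; debug logging may be off
            results.append((user, verdict))
            bind_ok.pop(user, None)
            denied.discard(user)
    return results


if __name__ == "__main__":
    for user, verdict in classify_logins(SAMPLE_LOG):
        print(f"{user}: {verdict} failure")
```

An `authorization` verdict points at the Hub's allow settings (`allow_all`, or a narrower `allowed_users` list) rather than at the LDAP configuration.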