Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AD integration with non-standard username leads to internal server error 500 #119

Closed
boltbeard opened this issue Mar 29, 2019 · 3 comments
Closed

AD integration with non-standard username leads to internal server error 500 #119

boltbeard opened this issue Mar 29, 2019 · 3 comments

Comments

@boltbeard
Copy link

boltbeard commented Mar 29, 2019
edited by consideRatio
Loading

Hi,

I'm having issues configuring the AD with jupyterhub and I would appreciate some help with it.

The username for a login through the AD on any Windows Client Machine looks like server-name\Name1.Name2. I currently got the error by starting the jupyterhub service and loging in with simply name1.name2.

os hosting jupyterhub: Ubuntu 18.04 LTS
conda-version : 4.6.8
jupyterhub - version : 0.9.4
LDAP : AD(active directory)
config :

c.JupyterHub.bind_url = 'http://127.0.0.1:8899'
c.ConfigurableHTTPProxy.api_url = 'http://127.0.0.1:8898'
c.JupyterHub.authenticator_class = 'ldapauthenticator.LDAPAuthenticator'
c.LDAPAuthenticator.server_address = 'xxx.xxx.xxx.xxx'
c.LDAPAuthenticator.lookup_dn = True
c.LDAPAuthenticator.bind_dn_template = ['CN={username},OU=Users,OU=MyBusiness,DC=server-name,DC=local']
c.LDAPAuthenticator.valid_username_regex = '^[.a-zA-Z0-9\\\_-]*$'
c.LDAPAuthenticator.lookup_dn_search_filter = '({login_attr}={login})'
c.LDAPAuthenticator.lookup_dn_search_user = 'ldaplookup'
c.LDAPAuthenticator.lookup_dn_search_password = '*************************'
c.LDAPAuthenticator.user_search_base = 'OU=Users,OU=MyBusiness,DC=server-name,DC=local'
c.LDAPAuthenticator.user_attribute = 'sAMAccountName'
c.LDAPAuthenticator.lookup_dn_user_dn_attribute = 'cn'
c.LDAPAuthenticator.escape_userdn = False

The login seems to go through, but it lands me at :
image

The Error message at the console with --debug flag is :

[I 2019-03-29 09:30:44.988 JupyterHub log:158] 302 GET /hub/logout -> /hub/login ([email protected]) 133.33ms
[D 2019-03-29 09:30:45.020 JupyterHub log:158] 304 GET /hub/login (@127.0.0.1) 3.39ms
[D 2019-03-29 09:32:35.139 JupyterHub ldapauthenticator:299] TYPE= 'True'
[D 2019-03-29 09:32:35.139 JupyterHub ldapauthenticator:223] Looking up user with search_base=OU=Users,OU=MyBusiness,DC=server-name,DC=local, search_filter='(sAMAccountName=firstname.lastname)', attributes=sAMAccountName
[D 2019-03-29 09:32:35.910 JupyterHub ldapauthenticator:278] Attempting to bind firstname.lastname with CN=firstname.lastname,OU=Users,OU=MyBusiness,DC=server-name,DC=local
[D 2019-03-29 09:32:36.698 JupyterHub ldapauthenticator:333] Status of user bind firstname.lastname with CN=firstname.lastname,OU=Users,OU=MyBusiness,DC=server-name,DC=local : True
[D 2019-03-29 09:32:36.703 JupyterHub base:357] Setting cookie jupyterhub-session-id: {'httponly': True}
[D 2019-03-29 09:32:36.703 JupyterHub base:362] Setting cookie for firstname.lastname: jupyterhub-hub-login
[D 2019-03-29 09:32:36.703 JupyterHub base:357] Setting cookie jupyterhub-hub-login: {'httponly': True, 'path': '/hub/'}
[I 2019-03-29 09:32:36.703 JupyterHub base:499] User logged in: firstname.lastname
[I 2019-03-29 09:32:36.704 JupyterHub log:158] 302 POST /hub/login?next= -> /user/firstname.lastname/ ([email protected]) 1567.02ms
[I 2019-03-29 09:32:36.747 JupyterHub log:158] 302 GET /user/firstname.lastname/ -> /hub/user/firstname.lastname/ (@127.0.0.1) 0.62ms
[E 2019-03-29 09:32:36.940 JupyterHub base:1001] Preventing implicit spawn for firstname.lastname because last spawn failed: "getpwnam(): name not found: 'firstname.lastname'"
[E 2019-03-29 09:32:36.941 JupyterHub web:1670] Uncaught exception GET /hub/user/firstname.lastname/ (127.0.0.1)
    HTTPServerRequest(protocol='http', host='localhost:8899', method='GET', uri='/hub/user/firstname.lastname/', version='HTTP/1.1', remote_ip='127.0.0.1')
    Traceback (most recent call last):
      File "/opt/miniconda3/lib/python3.6/site-packages/tornado/web.py", line 1592, in _execute
        result = yield result
      File "/opt/miniconda3/lib/python3.6/site-packages/jupyterhub/handlers/base.py", line 1003, in get
        raise copy.copy(exc).with_traceback(exc.__traceback__)
      File "/opt/miniconda3/lib/python3.6/site-packages/tornado/web.py", line 1592, in _execute
        result = yield result
      File "/opt/miniconda3/lib/python3.6/site-packages/jupyterhub/handlers/base.py", line 1052, in get
        await self.spawn_single_user(user)
      File "/opt/miniconda3/lib/python3.6/site-packages/jupyterhub/handlers/base.py", line 705, in spawn_single_user
        timedelta(seconds=self.slow_spawn_timeout), finish_spawn_future
      File "/opt/miniconda3/lib/python3.6/site-packages/jupyterhub/handlers/base.py", line 626, in finish_user_spawn
        await spawn_future
      File "/opt/miniconda3/lib/python3.6/site-packages/jupyterhub/user.py", line 489, in spawn
        raise e
      File "/opt/miniconda3/lib/python3.6/site-packages/jupyterhub/user.py", line 409, in spawn
        url = await gen.with_timeout(timedelta(seconds=spawner.start_timeout), f)
      File "/opt/miniconda3/lib/python3.6/site-packages/jupyterhub/spawner.py", line 1090, in start
        env = self.get_env()
      File "/opt/miniconda3/lib/python3.6/site-packages/jupyterhub/spawner.py", line 1083, in get_env
        env = self.user_env(env)
      File "/opt/miniconda3/lib/python3.6/site-packages/jupyterhub/spawner.py", line 1070, in user_env
        home = pwd.getpwnam(self.user.name).pw_dir
    KeyError: "getpwnam(): name not found: 'firstname.lastname'"
[D 2019-03-29 09:32:36.943 JupyterHub base:880] No template for 500
[E 2019-03-29 09:32:36.945 JupyterHub log:150] {
      "X-Forwarded-Host": "localhost:8899",
      "X-Forwarded-Proto": "http",
      "X-Forwarded-Port": "8899",
      "X-Forwarded-For": "127.0.0.1",
      "Upgrade-Insecure-Requests": "1",
      "Cookie": "jupyterhub-hub-login=\"2|1:0|10:1553851956|20:jupyterhub-hub-login|44:YjZjNWRiNzE4MDJhNGY3MTkzYTg1YzRlODIwODU0ZGE=|f5605c7b1d95bd6e7667eb63213756b2bea4ae0ab468a53466c82b34f8e9812f\"; username-localhost-8888=\"2|1:0|10:15
53779970|23:username-localhost-8888|44:ZDBjODliNTYzYTc3NGMwZDllNzVhZjkzYWU3YmQ0ZDE=|939d10f133c34ae30c1b648ca719ae63b86f03bc4a53fb6a518cf1fff7e5b6d8\"; _xsrf=2|0bf49cf8|311fd2bb65509707a7922d2b5c791d71|1553779094; username-localhost-8890
=\"2|1:0|10:1553781623|23:username-localhost-8890|44:MjcyZmVhODNjOWNjNDJlMWExZDk1YmU3NjhmYjdiY2I=|f132897d34ba1f6432d17c3765b3fd403e7f58bba1b7cc71fcf3c46114c77df4\"; jupyterhub-session-id=e3eba47ce6994e58bfbde33d96da724b",
      "Connection": "close",
      "Dnt": "1",
      "Referer": "http://localhost:8899/hub/login",
      "Accept-Encoding": "gzip, deflate",
      "Accept-Language": "en-GB,en;q=0.5",
      "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
      "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0",
      "Host": "localhost:8899"
    }
[E 2019-03-29 09:32:36.945 JupyterHub log:158] 500 GET /hub/user/firstname.lastname/ ([email protected]) 173.64ms
@dhirschfeld
Copy link
Collaborator

It looks like you're authenticating correctly:

[I 2019-03-29 09:32:36.703 JupyterHub base:499] User logged in: firstname.lastname

...and that the issue is with the spawner:

Traceback (most recent call last):
File "/opt/miniconda3/lib/python3.6/site-packages/tornado/web.py", line 1592, in _execute
result = yield result
File "/opt/miniconda3/lib/python3.6/site-packages/jupyterhub/handlers/base.py", line 1003, in get
raise copy.copy(exc).with_traceback(exc.traceback)
File "/opt/miniconda3/lib/python3.6/site-packages/tornado/web.py", line 1592, in _execute
result = yield result
File "/opt/miniconda3/lib/python3.6/site-packages/jupyterhub/handlers/base.py", line 1052, in get
await self.spawn_single_user(user)
File "/opt/miniconda3/lib/python3.6/site-packages/jupyterhub/handlers/base.py", line 705, in spawn_single_user
timedelta(seconds=self.slow_spawn_timeout), finish_spawn_future
File "/opt/miniconda3/lib/python3.6/site-packages/jupyterhub/handlers/base.py", line 626, in finish_user_spawn
await spawn_future
File "/opt/miniconda3/lib/python3.6/site-packages/jupyterhub/user.py", line 489, in spawn
raise e
File "/opt/miniconda3/lib/python3.6/site-packages/jupyterhub/user.py", line 409, in spawn
url = await gen.with_timeout(timedelta(seconds=spawner.start_timeout), f)
File "/opt/miniconda3/lib/python3.6/site-packages/jupyterhub/spawner.py", line 1090, in start
env = self.get_env()
File "/opt/miniconda3/lib/python3.6/site-packages/jupyterhub/spawner.py", line 1083, in get_env
env = self.user_env(env)
File "/opt/miniconda3/lib/python3.6/site-packages/jupyterhub/spawner.py", line 1070, in user_env
home = pwd.getpwnam(self.user.name).pw_dir
KeyError: "getpwnam(): name not found: 'firstname.lastname'"

I think it's related to #19

Searching for KeyError: "getpwnam(): name not found might bring up other issues which might have a resolution.

@boltbeard
Copy link
Author

So far I see that the only resolution is to use a LocalLDAPAuthenticator as on #36 but that still doesn't work as expected,
When creating the users, given the AD log-in being of the form server-name\Name1.Name2, the home folder on the jupyterhob is essentially at \home\local\server-name\name1.name2. Using LocalLDAPAuthenticator it gets created in \home\nam1.name2. Is there a way to deal with this?

@consideRatio
Copy link
Member

Closing in favor of #261

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dhirschfeld @consideRatio @boltbeard