Added LDAPLocalAuthenticator

[Karel-van-de-Plassche]

By inheriting from the LocalAuthenticator class, LDAPLocalAuthenticator is able to create non-existing user accounts.

WARNING!! ONLY TESTED USER CREATION!

[Karel-van-de-Plassche]

Should solve #29 and jupyterhub/jupyterhub#932

[deebuls]

Patch Not Working:
Error

[E 2017-04-25 15:40:57.851 JupyterHub user:251] Unhandled error starting dnair2s's server: 'getpwnam(): name not found: dnair2s
'

I tested this with the following in the config file.

c.LDAPAuthenticator.create_system_users = True                                  
c.Authenticator.add_user_cmd =  ['adduser', '-q', '--home', '{{home_dir}}/USERNAME', '--gecos', '""', '--disabled-password'

But the home directory is not created.

Is there anything else to be added in the configuration.

[Karel-van-de-Plassche]

Did you add

c.JupyterHub.authenticator_class = 'ldapauthenticator.ldapauthenticator.LDAPLocalAuthenticator'

In my tested use case I'm not using c.Authenticator.add_user_cmd. As per LDAPAuthenticator documentation, you should also add c.LDAPAuthenticator.server_address and c.LDAPAuthenticator.bind_dn_template. To make your life easier for testing, I would also use c.LDAPAuthenticator.use_ssl = False

Might it be related to compmodels/jupyterhub#7?

You can find my jupyterhub_config.py and Docker configuration at https://github.com/gkdb/gkdb-docker/tree/master/jupyterhub

[deebuls]

Yes I added the other parameters.
And it works if I create the users manually.

[Karel-van-de-Plassche]

It sounds to me like an issue not related to this patch. Did you try with only the LocalAuthenticator?

[deebuls]

Issue solved 👍
Need to add

c.JupyterHub.authenticator_class = 'ldapauthenticator.ldapauthenticator.LDAPLocalAuthenticator'

Maybe need to change the README.md file. Because the README.md says

c.JupyterHub.authenticator_class = 'ldapauthenticator.LDAPAuthenticator'

and this doesn't works

[Myllyenko]

This PR has solved my problem. I hope it will be included in the master branch.

[yuvipanda]

Heya! Am glad this works for some people - however, it's pretty insecure since there's no cleanup of created users - so users who are disabled in LDAP will have access to this for far longer. Plus, there's really good support in Linux for integrating LDAP into the system user setup directly - so users can just use PAM (which is supported in not just JupyterHub, but ssh and a lot of other tools) to log in. You can see http://www.tldp.org/HOWTO/archived/LDAP-Implementation-HOWTO/pamnss.html and lots of other documentation on the web on how to set up LDAP to provide user accounts for your system. Those are all very widely used, much more secure & more widely documented - and I would recommend you use them rather than have JupyterHub create local accounts.

See #19 for prior discussion on this.

Thank you very much for the patch, and I appreciate it - but am not going to include this in functionality on account of it being insecure.

We could and probably should add a lot more docs to the README pointing this out, since I guess it's a very common question!