ldapauthenticator icon indicating copy to clipboard operation
ldapauthenticator copied to clipboard

Published 20 hours ago verified publisher icon jupyterhub

AD integration with non-standard username leads to internal server error 500

Open boltbeard opened this issue 6 years ago • 2 comments
trafficstars

Hi,

I'm having issues configuring the AD with jupyterhub and I would appreciate some help with it.

The username for a login through the AD on any Windows Client Machine looks like server-name\Name1.Name2. I currently got the error by starting the jupyterhub service and loging in with simply name1.name2.

os hosting jupyterhub: Ubuntu 18.04 LTS conda-version : 4.6.8 jupyterhub - version : 0.9.4 LDAP : AD(active directory) config : c.JupyterHub.bind_url = 'http://127.0.0.1:8899' c.ConfigurableHTTPProxy.api_url = 'http://127.0.0.1:8898' c.JupyterHub.authenticator_class = 'ldapauthenticator.LDAPAuthenticator' c.LDAPAuthenticator.server_address = 'xxx.xxx.xxx.xxx' c.LDAPAuthenticator.lookup_dn = True c.LDAPAuthenticator.bind_dn_template = ['CN={username},OU=Users,OU=MyBusiness,DC=server-name,DC=local'] c.LDAPAuthenticator.valid_username_regex = '^[.a-zA-Z0-9\\\_-]*$' c.LDAPAuthenticator.lookup_dn_search_filter = '({login_attr}={login})' c.LDAPAuthenticator.lookup_dn_search_user = 'ldaplookup' c.LDAPAuthenticator.lookup_dn_search_password = '*************************' c.LDAPAuthenticator.user_search_base = 'OU=Users,OU=MyBusiness,DC=server-name,DC=local' c.LDAPAuthenticator.user_attribute = 'sAMAccountName' c.LDAPAuthenticator.lookup_dn_user_dn_attribute = 'cn' c.LDAPAuthenticator.escape_userdn = False

The login seems to go through, but it lands me at : image

The Error message at the console with --debug flag is :

[I 2019-03-29 09:30:44.988 JupyterHub log:158] 302 GET /hub/logout -> /hub/login ([email protected]) 133.33ms [D 2019-03-29 09:30:45.020 JupyterHub log:158] 304 GET /hub/login (@127.0.0.1) 3.39ms [D 2019-03-29 09:32:35.139 JupyterHub ldapauthenticator:299] TYPE= 'True' [D 2019-03-29 09:32:35.139 JupyterHub ldapauthenticator:223] Looking up user with search_base=OU=Users,OU=MyBusiness,DC=server-name,DC=local, search_filter='(sAMAccountName=firstname.lastname)', attributes=sAMAccountName [D 2019-03-29 09:32:35.910 JupyterHub ldapauthenticator:278] Attempting to bind firstname.lastname with CN=firstname.lastname,OU=Users,OU=MyBusiness,DC=server-name,DC=local [D 2019-03-29 09:32:36.698 JupyterHub ldapauthenticator:333] Status of user bind firstname.lastname with CN=firstname.lastname,OU=Users,OU=MyBusiness,DC=server-name,DC=local : True [D 2019-03-29 09:32:36.703 JupyterHub base:357] Setting cookie jupyterhub-session-id: {'httponly': True} [D 2019-03-29 09:32:36.703 JupyterHub base:362] Setting cookie for firstname.lastname: jupyterhub-hub-login [D 2019-03-29 09:32:36.703 JupyterHub base:357] Setting cookie jupyterhub-hub-login: {'httponly': True, 'path': '/hub/'} [I 2019-03-29 09:32:36.703 JupyterHub base:499] User logged in: firstname.lastname [I 2019-03-29 09:32:36.704 JupyterHub log:158] 302 POST /hub/login?next= -> /user/firstname.lastname/ ([email protected]) 1567.02ms [I 2019-03-29 09:32:36.747 JupyterHub log:158] 302 GET /user/firstname.lastname/ -> /hub/user/firstname.lastname/ (@127.0.0.1) 0.62ms [E 2019-03-29 09:32:36.940 JupyterHub base:1001] Preventing implicit spawn for firstname.lastname because last spawn failed: "getpwnam(): name not found: 'firstname.lastname'" [E 2019-03-29 09:32:36.941 JupyterHub web:1670] Uncaught exception GET /hub/user/firstname.lastname/ (127.0.0.1) HTTPServerRequest(protocol='http', host='localhost:8899', method='GET', uri='/hub/user/firstname.lastname/', version='HTTP/1.1', remote_ip='127.0.0.1') Traceback (most recent call last): File "/opt/miniconda3/lib/python3.6/site-packages/tornado/web.py", line 1592, in _execute result = yield result File "/opt/miniconda3/lib/python3.6/site-packages/jupyterhub/handlers/base.py", line 1003, in get raise copy.copy(exc).with_traceback(exc.traceback) File "/opt/miniconda3/lib/python3.6/site-packages/tornado/web.py", line 1592, in _execute result = yield result File "/opt/miniconda3/lib/python3.6/site-packages/jupyterhub/handlers/base.py", line 1052, in get await self.spawn_single_user(user) File "/opt/miniconda3/lib/python3.6/site-packages/jupyterhub/handlers/base.py", line 705, in spawn_single_user timedelta(seconds=self.slow_spawn_timeout), finish_spawn_future File "/opt/miniconda3/lib/python3.6/site-packages/jupyterhub/handlers/base.py", line 626, in finish_user_spawn await spawn_future File "/opt/miniconda3/lib/python3.6/site-packages/jupyterhub/user.py", line 489, in spawn raise e File "/opt/miniconda3/lib/python3.6/site-packages/jupyterhub/user.py", line 409, in spawn url = await gen.with_timeout(timedelta(seconds=spawner.start_timeout), f) File "/opt/miniconda3/lib/python3.6/site-packages/jupyterhub/spawner.py", line 1090, in start env = self.get_env() File "/opt/miniconda3/lib/python3.6/site-packages/jupyterhub/spawner.py", line 1083, in get_env env = self.user_env(env) File "/opt/miniconda3/lib/python3.6/site-packages/jupyterhub/spawner.py", line 1070, in user_env home = pwd.getpwnam(self.user.name).pw_dir KeyError: "getpwnam(): name not found: 'firstname.lastname'" [D 2019-03-29 09:32:36.943 JupyterHub base:880] No template for 500 [E 2019-03-29 09:32:36.945 JupyterHub log:150] { "X-Forwarded-Host": "localhost:8899", "X-Forwarded-Proto": "http", "X-Forwarded-Port": "8899", "X-Forwarded-For": "127.0.0.1", "Upgrade-Insecure-Requests": "1", "Cookie": "jupyterhub-hub-login="2|1:0|10:1553851956|20:jupyterhub-hub-login|44:YjZjNWRiNzE4MDJhNGY3MTkzYTg1YzRlODIwODU0ZGE=|f5605c7b1d95bd6e7667eb63213756b2bea4ae0ab468a53466c82b34f8e9812f"; username-localhost-8888="2|1:0|10:15 53779970|23:username-localhost-8888|44:ZDBjODliNTYzYTc3NGMwZDllNzVhZjkzYWU3YmQ0ZDE=|939d10f133c34ae30c1b648ca719ae63b86f03bc4a53fb6a518cf1fff7e5b6d8"; _xsrf=2|0bf49cf8|311fd2bb65509707a7922d2b5c791d71|1553779094; username-localhost-8890 ="2|1:0|10:1553781623|23:username-localhost-8890|44:MjcyZmVhODNjOWNjNDJlMWExZDk1YmU3NjhmYjdiY2I=|f132897d34ba1f6432d17c3765b3fd403e7f58bba1b7cc71fcf3c46114c77df4"; jupyterhub-session-id=e3eba47ce6994e58bfbde33d96da724b", "Connection": "close", "Dnt": "1", "Referer": "http://localhost:8899/hub/login", "Accept-Encoding": "gzip, deflate", "Accept-Language": "en-GB,en;q=0.5", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8", "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0", "Host": "localhost:8899" } [E 2019-03-29 09:32:36.945 JupyterHub log:158] 500 GET /hub/user/firstname.lastname/ ([email protected]) 173.64ms

boltbeard avatar Mar 29 '19 09:03 boltbeard

It looks like you're authenticating correctly:

[I 2019-03-29 09:32:36.703 JupyterHub base:499] User logged in: firstname.lastname

...and that the issue is with the spawner:

Traceback (most recent call last):
File "/opt/miniconda3/lib/python3.6/site-packages/tornado/web.py", line 1592, in _execute
result = yield result
File "/opt/miniconda3/lib/python3.6/site-packages/jupyterhub/handlers/base.py", line 1003, in get
raise copy.copy(exc).with_traceback(exc.traceback)
File "/opt/miniconda3/lib/python3.6/site-packages/tornado/web.py", line 1592, in _execute
result = yield result
File "/opt/miniconda3/lib/python3.6/site-packages/jupyterhub/handlers/base.py", line 1052, in get
await self.spawn_single_user(user)
File "/opt/miniconda3/lib/python3.6/site-packages/jupyterhub/handlers/base.py", line 705, in spawn_single_user
timedelta(seconds=self.slow_spawn_timeout), finish_spawn_future
File "/opt/miniconda3/lib/python3.6/site-packages/jupyterhub/handlers/base.py", line 626, in finish_user_spawn
await spawn_future
File "/opt/miniconda3/lib/python3.6/site-packages/jupyterhub/user.py", line 489, in spawn
raise e
File "/opt/miniconda3/lib/python3.6/site-packages/jupyterhub/user.py", line 409, in spawn
url = await gen.with_timeout(timedelta(seconds=spawner.start_timeout), f)
File "/opt/miniconda3/lib/python3.6/site-packages/jupyterhub/spawner.py", line 1090, in start
env = self.get_env()
File "/opt/miniconda3/lib/python3.6/site-packages/jupyterhub/spawner.py", line 1083, in get_env
env = self.user_env(env)
File "/opt/miniconda3/lib/python3.6/site-packages/jupyterhub/spawner.py", line 1070, in user_env
home = pwd.getpwnam(self.user.name).pw_dir
KeyError: "getpwnam(): name not found: 'firstname.lastname'"

I think it's related to https://github.com/jupyterhub/ldapauthenticator/issues/19

Searching for KeyError: "getpwnam(): name not found might bring up other issues which might have a resolution.

dhirschfeld avatar Mar 30 '19 00:03 dhirschfeld

So far I see that the only resolution is to use a LocalLDAPAuthenticator as on #36 but that still doesn't work as expected, When creating the users, given the AD log-in being of the form server-name\Name1.Name2, the home folder on the jupyterhob is essentially at \home\local\server-name\name1.name2. Using LocalLDAPAuthenticator it gets created in \home\nam1.name2. Is there a way to deal with this?

boltbeard avatar Mar 30 '19 09:03 boltbeard