From 9671f3a3d7ed7b2b165a1168c0b0b18338c3a30f Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Wed, 24 Mar 2021 18:54:06 +0100
Subject: [PATCH] ldap: ssl and group filters support.
---
 defaults/main.yml | 7 ++++++-
 templates/jupyterhub_config.py.j2 | 15 ++++++++++++---
 2 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 8f3ca06..ffcf6d0 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -35,7 +35,8 @@ jupyter_hub_logo_file: ''
 jupyter_hub_concurred_named_servers_limit: 0
 jupyter_hub_ldap_authentication: False
-jupyter_hub_ldap_server_address: 'ldap://localhost'
+jupyter_hub_ldap_server_address: 'localhost'
+jupyter_hub_ldap_ssl: True
 jupyter_hub_ldap_bind_dn_template: 'uid={username},ou=Users,dc=example,dc=org'
 jupyter_hub_ldap_lookup_dn: False
 jupyter_hub_ldap_anonymous_bind: True
@@ -44,6 +45,10 @@ jupyter_hub_ldap_bind_user_pwd: 'use a vault'
 jupyter_hub_ldap_user_search_base: 'dc=example,dc=org'
 jupyter_hub_ldap_user_attribute: 'uid'
 jupyter_hub_ldap_user_search_filter: '(&(objectClass=posixAccount)(uid={username}))'
+jupyter_hub_ldap_group_filter: False
+jupyter_hub_ldap_allowed_groups: []
+# - "cn=researcher,ou=groups,dc=example,dc=org",
+# - "cn=operations,ou=groups,dc=example,dc=org",
 jupyter_is_hadoop_node: False
 jupyter_spark_scala_version: '2.11.12'
diff --git a/templates/jupyterhub_config.py.j2 b/templates/jupyterhub_config.py.j2
index 9412ef5..2783142 100644
--- a/templates/jupyterhub_config.py.j2
+++ b/templates/jupyterhub_config.py.j2
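Review bot: In defaults/main.yml the default for `jupyter_hub_ldap_server_address` changes from a URL (`ldap://localhost`) to a bare host, but nothing next to the variable tells operators that an existing override still carrying `ldap://` or `ldaps://` now has to be edited. Such a value would be rendered alongside `use_ssl` and a port derived from `jupyter_hub_ldap_ssl`, and which of the two settings wins is decided inside the LDAP client rather than in this role, so the transport actually used could differ from what the inventory suggests. I would add a comment above the variable, for example `# Host name or IP only, without ldap:// or ldaps://; LDAPS is selected by jupyter_hub_ldap_ssl`.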
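Review bot: In defaults/main.yml the commented example entries under `jupyter_hub_ldap_allowed_groups` end with a comma after the closing quote, which is Python list syntax rather than YAML, so uncommenting them as written does not give a valid block sequence. The examples should read `# - "cn=researcher,ou=groups,dc=example,dc=org"` and `# - "cn=operations,ou=groups,dc=example,dc=org"`.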
@@ -90,16 +90,25 @@ c.JupyterHub.admin_access = {{ jupyter_hub_admin_access }}
 {% if jupyter_hub_ldap_authentication %}
 c.JupyterHub.authenticator_class = 'ldapauthenticator.LDAPAuthenticator'
-c.LDAPAuthenticator.server_address ="{{ jupyter_hub_ldap_server_address }}"
-c.LDAPAuthenticator.bind_dn_template = ["{{ jupyter_hub_ldap_bind_dn_template }}"]
-c.LDAPAuthenticator.lookup_dn = {{ jupyter_hub_ldap_lookup_dn }}
+c.LDAPAuthenticator.server_address = '{{ jupyter_hub_ldap_server_address }}'
+c.LDAPAuthenticator.use_ssl = {{ jupyter_hub_ldap_ssl }}
+c.LDAPAuthenticator.server_port = {% if jupyter_hub_ldap_ssl %}636{% else %}389{% endif %}
 {% if not jupyter_hub_ldap_anonymous_bind %}
 c.LDAPAuthenticator.bind_user_dn = '{{ jupyter_hub_ldap_bind_user_dn }}'
 c.LDAPAuthenticator.bind_user_password = ‘{{ jupyter_hub_ldap_bind_user_pwd }}’
 {% endif %}
+c.LDAPAuthenticator.bind_dn_template = ["{{ jupyter_hub_ldap_bind_dn_template }}"]
+c.LDAPAuthenticator.lookup_dn = {{ jupyter_hub_ldap_lookup_dn }}
 c.LDAPAuthenticator.user_search_base = '{{ jupyter_hub_ldap_user_search_base }}'
 c.LDAPAuthenticator.user_attribute = '{{ jupyter_hub_ldap_user_attribute }}'
 c.LDAPAuthenticator.search_filter = '{{ jupyter_hub_ldap_user_search_filter }}'
+{% if jupyter_hub_ldap_group_filter %}
+c.LDAPAuthenticator.allowed_groups = [
+{% for group in jupyter_hub_ldap_allowed_groups %}
+ "{{ group }}",
+{% endfor %}
+]
+{% endif %}
 {% endif %}
 #c.JupyterHub.authenticator_class = 'jupyterhub.auth.DummyAuthenticator'
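Review bot: With `jupyter_hub_ldap_group_filter` set to true and `jupyter_hub_ldap_allowed_groups` left at its default `[]`, the new block renders `c.LDAPAuthenticator.allowed_groups = []`, and ldapauthenticator 1.x applies the group check only to a non-empty list, so the filter would silently admit every user who can bind (worth confirming against the version this role installs). A pre-flight assertion that the list is non-empty whenever the filter is enabled would turn that misconfiguration into a failed play; the role's tasks are outside this diff. Each group DN is also pasted raw between double quotes, so a DN containing `"` or a backslash escape changes the rendered Python literal, which rendering the list in one expression avoids: `c.LDAPAuthenticator.allowed_groups = {{ jupyter_hub_ldap_allowed_groups | to_json }}`. Separately, the unchanged `bind_user_password` line is shown on this page with typographic quotes (‘ ’); if that is in the file rather than a rendering artifact, the generated config will not parse when anonymous bind is disabled.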