ldap: ssl and group filters support.

Andrea Dell'Amico 2021-03-24 18:54:06 +01:00
parent c1587f38c4
commit 9671f3a3d7
2 changed files with 18 additions and 4 deletions


@ -35,7 +35,8 @@ jupyter_hub_logo_file: ''
jupyter_hub_concurred_named_servers_limit: 0 jupyter_hub_concurred_named_servers_limit: 0
jupyter_hub_ldap_authentication: False jupyter_hub_ldap_authentication: False
jupyter_hub_ldap_server_address: 'ldap://localhost' jupyter_hub_ldap_server_address: 'localhost'
jupyter_hub_ldap_ssl: True
jupyter_hub_ldap_bind_dn_template: 'uid={username},ou=Users,dc=example,dc=org' jupyter_hub_ldap_bind_dn_template: 'uid={username},ou=Users,dc=example,dc=org'
jupyter_hub_ldap_lookup_dn: False jupyter_hub_ldap_lookup_dn: False
jupyter_hub_ldap_anonymous_bind: True jupyter_hub_ldap_anonymous_bind: True
@ -44,6 +45,10 @@ jupyter_hub_ldap_bind_user_pwd: 'use a vault'
jupyter_hub_ldap_user_search_base: 'dc=example,dc=org' jupyter_hub_ldap_user_search_base: 'dc=example,dc=org'
jupyter_hub_ldap_user_attribute: 'uid' jupyter_hub_ldap_user_attribute: 'uid'
jupyter_hub_ldap_user_search_filter: '(&(objectClass=posixAccount)(uid={username}))' jupyter_hub_ldap_user_search_filter: '(&(objectClass=posixAccount)(uid={username}))'
jupyter_hub_ldap_group_filter: False
jupyter_hub_ldap_allowed_groups: []
# - "cn=researcher,ou=groups,dc=example,dc=org",
# - "cn=operations,ou=groups,dc=example,dc=org",
jupyter_is_hadoop_node: False jupyter_is_hadoop_node: False
jupyter_spark_scala_version: '2.11.12' jupyter_spark_scala_version: '2.11.12'
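Review bot: The two commented example entries under `jupyter_hub_ldap_allowed_groups` end with a comma after the closing quote, which is not valid in a YAML block list, so anyone who uncomments them as written gets a parse error; they should read `#   - "cn=researcher,ou=groups,dc=example,dc=org"`. The defaults also let `jupyter_hub_ldap_group_filter` be set to True while the list stays empty, so a comment such as `# must be non-empty when jupyter_hub_ldap_group_filter is True` would help. Because the address default loses its `ldap://` scheme in the same change, a comment like `# host name only; TLS and the port are selected by jupyter_hub_ldap_ssl` would tell operators with existing overrides what is now expected.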


@ -90,16 +90,25 @@ c.JupyterHub.admin_access = {{ jupyter_hub_admin_access }}
{% if jupyter_hub_ldap_authentication %} {% if jupyter_hub_ldap_authentication %}
c.JupyterHub.authenticator_class = 'ldapauthenticator.LDAPAuthenticator' c.JupyterHub.authenticator_class = 'ldapauthenticator.LDAPAuthenticator'
c.LDAPAuthenticator.server_address ="{{ jupyter_hub_ldap_server_address }}" c.LDAPAuthenticator.server_address = '{{ jupyter_hub_ldap_server_address }}'
c.LDAPAuthenticator.bind_dn_template = ["{{ jupyter_hub_ldap_bind_dn_template }}"] c.LDAPAuthenticator.use_ssl = {{ jupyter_hub_ldap_ssl }}
c.LDAPAuthenticator.lookup_dn = {{ jupyter_hub_ldap_lookup_dn }} c.LDAPAuthenticator.server_port = {% if jupyter_hub_ldap_ssl %}636{% else %}389{% endif %}
{% if not jupyter_hub_ldap_anonymous_bind %} {% if not jupyter_hub_ldap_anonymous_bind %}
c.LDAPAuthenticator.bind_user_dn = '{{ jupyter_hub_ldap_bind_user_dn }}' c.LDAPAuthenticator.bind_user_dn = '{{ jupyter_hub_ldap_bind_user_dn }}'
c.LDAPAuthenticator.bind_user_password = {{ jupyter_hub_ldap_bind_user_pwd }} c.LDAPAuthenticator.bind_user_password = {{ jupyter_hub_ldap_bind_user_pwd }}
{% endif %} {% endif %}
c.LDAPAuthenticator.bind_dn_template = ["{{ jupyter_hub_ldap_bind_dn_template }}"]
c.LDAPAuthenticator.lookup_dn = {{ jupyter_hub_ldap_lookup_dn }}
c.LDAPAuthenticator.user_search_base = '{{ jupyter_hub_ldap_user_search_base }}' c.LDAPAuthenticator.user_search_base = '{{ jupyter_hub_ldap_user_search_base }}'
c.LDAPAuthenticator.user_attribute = '{{ jupyter_hub_ldap_user_attribute }}' c.LDAPAuthenticator.user_attribute = '{{ jupyter_hub_ldap_user_attribute }}'
c.LDAPAuthenticator.search_filter = '{{ jupyter_hub_ldap_user_search_filter }}' c.LDAPAuthenticator.search_filter = '{{ jupyter_hub_ldap_user_search_filter }}'
{% if jupyter_hub_ldap_group_filter %}
c.LDAPAuthenticator.allowed_groups = [
{% for group in jupyter_hub_ldap_allowed_groups %}
"{{ group }}",
{% endfor %}
]
{% endif %}
{% endif %} {% endif %}
#c.JupyterHub.authenticator_class = 'jupyterhub.auth.DummyAuthenticator' #c.JupyterHub.authenticator_class = 'jupyterhub.auth.DummyAuthenticator'
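Review bot: The new `{% if jupyter_hub_ldap_group_filter %}` block renders `allowed_groups = []` when the filter is enabled but `jupyter_hub_ldap_allowed_groups` is left at its empty default. As far as I know LDAPAuthenticator treats an empty list as "no group restriction", so the access control fails open without any error. The role should refuse to deploy in that state, for example with an `assert` task that requires a non-empty list whenever the filter is on. The hand-written loop also puts each DN inside double quotes unescaped, so a DN containing `"` or `\` produces a broken config file; `c.LDAPAuthenticator.allowed_groups = {{ jupyter_hub_ldap_allowed_groups | to_json }}` emits a correctly quoted list in one line. Separately, `use_ssl` is rendered from the raw variable, so `{{ jupyter_hub_ldap_ssl | bool }}` would keep a string value such as `yes` from becoming an undefined Python name. It is also worth confirming that the installed ldapauthenticator/ldap3 versions verify the server certificate, since `use_ssl` alone may only encrypt the connection.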