我使用Docker设置和LDAP服务器(https://github.com/osixia/docker-openldap)以及在同一台机器上安装Jupyterhub。不幸的是,LDAP服务器和JupyterHub之间的连接无法正常工作。这些行对应于jupyterhub_config.py
:中的LDAP验证
c.JupyterHub.authenticator_class = 'ldapauthenticator.LDAPAuthenticator'
c.LDAPAuthenticator.server_address = '192.168.48.2' # Docker Container IP of openldap
c.LDAPAuthenticator.lookup_dn = True
c.LDAPAuthenticator.use_ssl = False
# c.LDAPAuthenticator.bind_dn_template = ["cn={username},dc=example,dc=com"]
(在最后两行之间切换没有区别。(
当我尝试登录JupyterHub登录页面时,会弹出以下错误:
ldap3.core.exceptions.LDAPSocketSendError: socket sending error[Errno 32] Broken pipe
我可以";访问";使用ldapsearch:从命令行创建LDAP数据库
ldapsearch -x -H ldap://192.168.48.2 -b dc=example,dc=com -D "cn=admin,dc=example,dc=com" -w password
禁用防火墙也没有什么区别(考虑了Docker(openldap(和jupyterhub之间的一些网络问题(。
jupyterhub==1.1.0
jupyterhub-ldapauthenticator==1.3.2
我能够在JupyterHub:之外用ldap3
重现这个问题
# Get IP of dockerized OpenLDAP
import docker
client = docker.DockerClient()
container = client.containers.get("openldap")
ip_add = container.attrs['NetworkSettings']['Networks']['ldap_default']['IPAddress']
# Check Connection
from ldap3 import Server, Connection, ALL
server = Server(ip_add,use_ssl=False,port=389)
conn = Connection(server)
print(conn.bind(read_server_info=True))
> True
当我现在用ssl=True
替换ssl=False
时,它返回与JupyterHub:相同的错误
# Check Connection
from ldap3 import Server, Connection, ALL
server = Server(ip_add,use_ssl=True,port=636
conn = Connection(server)
print(conn.bind(read_server_info=True))
Traceback (most recent call last):
File "test_connection.py", line 11, in <module>
print(conn.bind(read_server_info=True))
File "/opt/anaconda3/lib/python3.8/site-packages/ldap3/core/connection.py", line 590, in bind
response = self.post_send_single_response(self.send('bindRequest', request, controls))
File "/opt/anaconda3/lib/python3.8/site-packages/ldap3/strategy/base.py", line 330, in send
self.sending(ldap_message)
File "/opt/anaconda3/lib/python3.8/site-packages/ldap3/strategy/base.py", line 882, in sending
raise communication_exception_factory(LDAPSocketSendError, type(e)(str(e)))(self.connection.last_error)
ldap3.core.exceptions.LDAPSocketSendError: socket sending error[Errno 32] Broken pipe
这似乎与SSL/TLS/StartTLS有关。如果我在jupyterhub_config.py
中禁用ssl
,则Authenticator将(尝试(使用StartTLS进行升级。
LDAAuthenticator.use_ssl
布尔值,用于指定在联系时是否使用SSL加密LDAP服务器。如果保留为False(默认值(LDAAuthenticator将尝试使用StartTLS升级连接。将此设置为True启动SSL连接。(网址:https://github.com/jupyterhub/ldapauthenticator:(
尝试替换:
c.LDAPAuthenticator.server_address= 'ldaps://192.168.48.2:636' or 'ladp://192.168.48.2:389'
636和389是ldaps和ldap-的默认端口