Created
January 7, 2019 08:08
-
-
Save yuvipanda/ac136e9ad1b867ad5cf780136f26765d to your computer and use it in GitHub Desktop.
A JupyterHub authenticator that outsources to ldapsearch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
""" | |
An authenticator that outsorces auth to ldapsearch! | |
Because LDAP is hard and old and terrible and you should not use it. | |
""" | |
import os | |
from jupyterhub.auth import Authenticator | |
import pexpect.exceptions | |
import pexpect.popen_spawn | |
from traitlets import Unicode | |
class LDAPSearchAuthenticator(Authenticator): | |
ldap_host = Unicode('', config=True) | |
user_template = Unicode('', config=True) | |
async def authenticate(self, handler, data): | |
username = data['username'] | |
user_dn = self.user_template.format(username=username) | |
environ = os.environ.copy() | |
environ['TERM'] = 'xterm' | |
command = [ | |
'ldapsearch', | |
'-Z', '-x', '-W', | |
'-h', self.ldap_host, | |
'-b', user_dn, '-D', user_dn, | |
user_dn, | |
] | |
child = pexpect.popen_spawn.PopenSpawn(command, env=environ) | |
try: | |
child.expect("Enter LDAP Password\:") | |
except pexpect.exceptions.EOF as e: | |
print(child, flush=True) | |
print(child.before, flush=True) | |
raise | |
child.sendline(data['password']) | |
print(' '.join(command), flush=True) | |
returncode = child.wait() | |
if returncode == 0: | |
return username | |
return None | |
c.JupyterHub.authenticator_class = LDAPSearchAuthenticator |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment