Setting up JuyterHub for AD (or LDAP) Authentication
Covering basic config for AD and Jupyter
This is reasonably straight forward - you might get caught with an issue with the following though
c.LDAPAuthenticator.bind_dn_templateHere is the config
c.LDAPAuthenticator.lookup_dn_search_user = 'service_account'
c.LDAPAuthenticator.lookup_dn_search_password = 'password'
c.JupyterHub.authenticator_class = 'ldapauthenticator.LDAPAuthenticator'
c.LDAPAuthenticator.server_address = 'ldap://server'
c.LDAPAuthenticator.bind_dn_template = 'domain\{username}'
c.LDAPAuthenticator.lookup_dn = False
c.LDAPAuthenticator.user_search_base = 'OU=Corporate Services,OU=Users,OU=Agencies,DC=domain,DC=sub,DC=tld'
c.LDAPAuthenticator.user_attribute = 'sAMAccountName'
c.LDAPAuthenticator.allowed_groups = []
c.Spawner.default_url = '/lab'
c.Spawner.notebook_dir = '~'
c.JupyterHub.spawner_class = 'systemdspawner.SystemdSpawner'
c.SystemdSpawner.default_shell = '/usr/bin/zsh'
c.SystemdSpawner.username_template = 'jupyter-{username}'
c.SystemdSpawner.unit_name_template = 'jupyter-singleuser'
c.SystemdSpawner.disable_user_sudo = False
c.SystemdSpawner.dynamic_users = True
def start_user(spawner):
import os, pwd, grp
username = spawner.user.name
path = os.path.join('/usr/share/notebooks', username)
if not os.path.exists(path):
os.mkdir(path, 0o755)
uid = pwd.getpwnam(username).pw_uid
gid = grp.getgrnam(username).gr_gid
os.chown(path, uid, gid)