setup_ldap_hook_test_config.py
# Example config
from jhubauthenticators import RegexUsernameParser
from ldap_hooks import setup_ldap_entry_hook
from ldap_hooks import (
LDAP,
LDAP_SEARCH_ATTRIBUTE_QUERY,
SPAWNER_SUBMIT_DATA,
INCREMENT_ATTRIBUTE,
SPAWNER_USER_ATTRIBUTE,
)
# Configuration object supplied by the loader that executes this file
# (get_config is called here but not imported by this file).
c = get_config()

# Network binding: every interface, port 80.
# NOTE(review): no TLS settings appear in this file, and the authenticator
# selected below identifies users from a request header. Outside a test
# network, keep these listeners reachable only through the trusted front
# proxy that sets that header, and terminate TLS there.
c.JupyterHub.port = 80
c.JupyterHub.hub_ip = "0.0.0.0"
c.JupyterHub.ip = "0.0.0.0"
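# Spawner setup
c.JupyterHub.spawner_class = "dockerspawner.DockerSpawner"
# NOTE(review): ":latest" is a mutable tag, so the image that gets spawned can
# change without this file changing. Pin a fixed tag or digest where the
# notebook image needs to be reproducible and auditable.
c.DockerSpawner.image = "ucphhpc/base-notebook:latest"
# Run the LDAP entry hook before each spawn. This is the only assignment of
# the hook; the original file repeated the identical line after the regex.
c.DockerSpawner.pre_spawn_hook = setup_ldap_entry_hook

# Authenticator setup
c.JupyterHub.authenticator_class = "jhubauthenticators.HeaderAuthenticator"
# NOTE(review): JupyterHub only persists auth_state when an encryption key
# (JUPYTERHUB_CRYPT_KEY) is available to the hub process - confirm the test
# environment provides one.
c.HeaderAuthenticator.enable_auth_state = True
# NOTE(review): presumably the username is taken from the Remote-User request
# header. That header is only trustworthy when a front proxy always
# overwrites or strips whatever value the client sent - confirm the
# deployment enforces this before reusing the config outside tests.
c.HeaderAuthenticator.allowed_headers = {"auth": "Remote-User"}
c.HeaderAuthenticator.header_parser_classes = {"auth": RegexUsernameParser}
# NOTE(review): presumably lets an external request set the user's "data"
# attribute; the LDAP settings below read "user.data", so that value should be
# treated as untrusted input - verify against jhubauthenticators.
c.HeaderAuthenticator.user_external_allow_attributes = ["data"]

# Email regex. A raw string keeps "\." as a regex escape instead of relying on
# Python passing an unrecognised string escape through (which newer
# interpreters warn about). The pattern text itself is unchanged.
# NOTE(review): the pattern is unanchored; whether extra text around the
# address is tolerated depends on how RegexUsernameParser applies it.
RegexUsernameParser.username_extract_regex = (
    r"([a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+)"
)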
# --- LDAP connection ---------------------------------------------------------
# NOTE(review): the URL is a bare hostname with no ldaps:// scheme and no TLS
# option is set in this file - confirm how ldap_hooks connects, so the bind
# credentials below are not sent in cleartext outside a test network.
LDAP.url = "openldap"
# Binds as the directory admin entry. For anything beyond tests, prefer an
# account limited to the entries this hook has to create and modify.
LDAP.user = "cn=admin,dc=migrid,dc=org"
# Dummy credential for the test directory. Real deployments should load the
# password from the environment or a secret store, not from this file.
LDAP.password = "dummyldap_password"
LDAP.base_dn = "dc=migrid,dc=org"

# --- Where the DN submitted to the DIT comes from ------------------------------
# NOTE(review): presumably the DN is read from the spawner's user.data using
# the keys ("User", "CERT") - TODO confirm against ldap_hooks. If that data is
# supplied from outside the hub, it should be validated before being written
# to the directory.
LDAP.submit_spawner_attribute = "user.data"
LDAP.submit_spawner_attribute_keys = ("User", "CERT")

# Character replacement applied while preparing the LDAP object
# (presumably "/" is rewritten to "+" - verify in ldap_hooks).
LDAP.replace_object_with = {"/": "+"}

# --- Dynamic attributes: name -> source of the value ---------------------------
LDAP.dynamic_attributes = {
    "emailAddress": SPAWNER_SUBMIT_DATA,
    "name": SPAWNER_USER_ATTRIBUTE,
    "uidNumber": LDAP_SEARCH_ATTRIBUTE_QUERY,
}

# Spawner settings templated from the attributes above: the container
# environment receives NB_USER and NB_UID.
LDAP.set_spawner_attributes = {
    "environment": {"NB_USER": "{name}", "NB_UID": "{uidNumber}"},
}

# --- Directory lookup ------------------------------------------------------------
# One search under the base DN for x-nextUserIdentifier entries, requesting
# their uidNumber attribute.
LDAP.search_attribute_queries = [
    {
        "search_base": LDAP.base_dn,
        "search_filter": "(objectclass=x-nextUserIdentifier)",
        "attributes": ["uidNumber"],
    }
]

# Entry whose uidNumber is incremented once a search result has been used.
# NOTE(review): confirm the read-then-increment is safe under concurrent
# spawns; two users receiving the same uidNumber would share file ownership.
modify_dn = f"cn=uidNext,{LDAP.base_dn}"
LDAP.search_result_operations = {
    "uidNumber": {"action": INCREMENT_ATTRIBUTE, "modify_dn": modify_dn}
}

# --- Object submitted to the directory -------------------------------------------
LDAP.object_classes = ["x-certsDistinguishedName", "PosixAccount"]
LDAP.object_attributes = {
    "uid": "{name}",
    "uidNumber": "{uidNumber}",
    "gidNumber": "100",
    "homeDirectory": "/home/{name}",
}