From 9b31cb362dbaa8e271bf55c5dd31affe0c97e1f8 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sun, 15 Sep 2024 07:56:56 +0200 Subject: [PATCH] Relocate example snippet from code to readme --- README.md | 39 ++++++++++++++++++++++++++ ldapauthenticator/ldapauthenticator.py | 23 --------------- 2 files changed, 39 insertions(+), 23 deletions(-) diff --git a/README.md b/README.md index e2da005..89f6c20 100644 --- a/README.md +++ b/README.md @@ -249,3 +249,42 @@ JupyterHub create local accounts using the LDAPAuthenticator. Issue [#19](https://github.com/jupyterhub/ldapauthenticator/issues/19) provides additional discussion on local user creation. + +## Testing LDAPAuthenticator without JupyterHub + +This script can be written to a file such as `test_ldap_auth.py`, and run with +`python test_ldap_auth.py`, to test use of LDAPAuthenticator with a given config +without involving JupyterHub. + +If the authenticator works, this script should print either None or a username +depending if the user was considered allowed access. + +```python +import asyncio +import getpass + +from traitlets.config import Config +from ldapauthenticator import LDAPAuthenticator + +# Configure LDAPAuthenticator below to work against your ldap server +c = Config() +c.LDAPAuthenticator.server_address = "ldap.organisation.org" +c.LDAPAuthenticator.server_port = 636 +c.LDAPAuthenticator.bind_dn_template = "uid={username},ou=people,dc=organisation,dc=org" +c.LDAPAuthenticator.user_attribute = "uid" +c.LDAPAuthenticator.user_search_base = "ou=people,dc=organisation,dc=org" +c.LDAPAuthenticator.attributes = ["uid", "cn", "mail", "ou", "o"] +# The following is an example of a search_filter which is build on LDAP AND and OR operations +# here in this example as a combination of the LDAP attributes 'ou', 'mail' and 'uid' +sf = "(&(o={o})(ou={ou}))".format(o="yourOrganisation", ou="yourOrganisationalUnit") +sf += "(&(o={o})(mail={mail}))".format(o="yourOrganisation", mail="yourMailAddress") +c.LDAPAuthenticator.search_filter = f"(&({{userattr}}={{username}})(|{sf}))" + +# Run test +authenticator = LDAPAuthenticator(config=c) +username = input("Username: ") +password = getpass.getpass() +data = dict(username=username, password=password) +return_value = asyncio.run(authenticator.authenticate(None, data)) +print(return_value) +``` diff --git a/ldapauthenticator/ldapauthenticator.py b/ldapauthenticator/ldapauthenticator.py index 0edad82..2fc97b0 100644 --- a/ldapauthenticator/ldapauthenticator.py +++ b/ldapauthenticator/ldapauthenticator.py @@ -450,26 +450,3 @@ async def authenticate(self, handler, data): self.log.debug("username:%s attributes:%s", username, user_info) return {"name": username, "auth_state": user_info} return username - - -if __name__ == "__main__": - import asyncio - import getpass - - c = LDAPAuthenticator() - c.server_address = "ldap.organisation.org" - c.server_port = 636 - c.bind_dn_template = "uid={username},ou=people,dc=organisation,dc=org" - c.user_attribute = "uid" - c.user_search_base = "ou=people,dc=organisation,dc=org" - c.attributes = ["uid", "cn", "mail", "ou", "o"] - # The following is an example of a search_filter which is build on LDAP AND and OR operations - # here in this example as a combination of the LDAP attributes 'ou', 'mail' and 'uid' - sf = "(&(o={o})(ou={ou}))".format(o="yourOrganisation", ou="yourOrganisationalUnit") - sf += "(&(o={o})(mail={mail}))".format(o="yourOrganisation", mail="yourMailAddress") - c.search_filter = f"(&({{userattr}}={{username}})(|{sf}))" - username = input("Username: ") - passwd = getpass.getpass() - data = dict(username=username, password=passwd) - rs = asyncio.run(c.authenticate(None, data)) - print(rs)