Version Next

Security — JupyterLab

The tdp-jupyter chart uses DummyAuthenticator authentication by default (username and password in the values file) and allows optional LDAP via ldapauthenticator.LDAPAuthenticator.

Default authentication

tdp-jupyter:
  hub:
    config:
      JupyterHub:
        authenticator_class: dummy
      DummyAuthenticator:
        username: admin
        password: tdp-password

warning

Suitable only for development; change the password (or the authentication method) in production.

LDAP (example)

tdp-jupyter:
  hub:
    config:
      JupyterHub:
        authenticator_class: ldapauthenticator.LDAPAuthenticator
      LDAPAuthenticator:
        server_address: "ldap.example.org"
        server_port: 389
        tls_strategy: "insecure"
        user_attribute: "uid"
        bind_dn_template:
          - "uid={username},cn=users,cn=accounts,dc=example,dc=com"
    extraConfig:
      ldap-config: |
        c.Authenticator.allow_all = True

The allow_all block is optional and is useful for testing; in production, restrict access using the policies supported by the LDAPAuthenticator version of your JupyterHub (refer to the official JupyterHub documentation for allowed_groups and user lists).

Referenced Parameters

Area	Usage
`LDAPAuthenticator.server_address` / `server_port`	LDAP server
`tls_strategy`	TLS mode (e.g. `insecure` in the example)
`bind_dn_template`	User DN template
`user_attribute`	Login attribute

Troubleshooting

Problem	Solution
LDAP login failure	Check `bind_dn_template`, connectivity, and attributes
Hub does not start	Validate `extraConfig` / YAML syntax

Default authentication​

LDAP (example)​

Referenced Parameters​

Troubleshooting​

Default authentication

LDAP (example)

Referenced Parameters

Troubleshooting