- Fix parsing of search response #294 (@consideRatio, @manics)
- Document configuring TLS ciphers and log a link to it on raised handshake error #297 (@consideRatio, @manics, )
- Test bind_dn_template more thoroughly #290 (@manics, @consideRatio)
The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.
(GitHub contributors page for this release)
@consideRatio (activity) | @franciscaestecker (activity) | @franciscaestecker-bb (activity) | @manics (activity)
- fix: Ensure a list
bind_dn_templateis properly validated #289 (@mahendrapaipuri)
(GitHub contributors page for this release)
-
python>=3.9,jupyterhub>=4.1.6, andldap3>=2.9.1is now required. (#245, #256) -
Configuring
auth_state_attributesnow leads to user information being put inauth_state["user_attributes"]and not directly inauth_state. (#269) -
use_lookup_dn_usernamenow defaults to False and is opt-in instead of opt-out. To retain previous behavior if you hadlookup_dnset True withoutuse_lookup_dn_usernameexplicitly set, configureuse_lookup_dn_usernameto True. (#280) -
lookup_dnnow rejects an authenticating user if multiple DNs are returned during lookup. (#276) -
In the edge case if both...
- the following config is used:
lookup_dn = True,lookup_dn_user_dn_attribute = "cn"use_lookup_dn_username = True(previous default value)
- and one or more users previously signed in at least once had a comma in
their
cnattribute's value
then such users will get a new JupyterHub username going forward looking like
"lastname, firstname"instead of looking like"lastname\\, firstname". (#267) - the following config is used:
use_sslhas been deprecated, instead configuretls_strategygoing forward. Configuringuse_ssl=Trueshould be updated withtls_strategy="on_connect", and configuringuse_ssl=Falsecould be updated to either betls_strategy="before_bind"(default) ortls_strategy="insecure". (#258)escape_userdnhas been deprecated, usernames used to construct DNs are now always escaped according to LDAP protocol specification of how DNs should be represented in string format. (#267)
- Add LDAPAuthenticator.version_info #282 (@consideRatio)
- Add
tls_kwargsconfig to configure underlying ldap3 package tls #273 (@consideRatio, @minrk) - Add
tls_strategyand deprecateuse_ssl#258 (@consideRatio, @manics, @loic-vial, @1kastner) - Allow users to configure group search filter and attributes (
group_search_filterandgroup_attributesconfig) #168 (@kinow, @consideRatio, @manics, @ordlucas, @mananpreetsingh)
- Docs updates, and a few tweaks to the allow config #286 (@manics, @minrk)
- Register authenticator class with jupyterhub as ldap #249 (@consideRatio, @minrk)
- Require a unique DN to be found when using lookup_dn #276 (@consideRatio, @minrk)
- Fix duplicated bind operation, only one is needed #270 (@consideRatio, @minrk)
- Escape username within DN correctly and remove
escape_userdn#267 (@consideRatio, @minrk) - Escape user- or ldap-provided strings in ldap search filters #238 (@m-erhardt, @consideRatio)
- Remove empty scripts file #287 (@manics, @minrk)
- Comment consistently about escape_rdn and escape_filter_chars #284 (@consideRatio)
- Validate config on startup when possible (allowed_groups, lookup_dn, bind_dn_template) #283 (@consideRatio)
- tests: pass config to constructor instead of configuring after #281 (@consideRatio)
- Change
use_lookup_dn_usernamedefault value to False #280 (@consideRatio) - Fix a log message about lookup_dn_user_dn_attribute #278 (@consideRatio)
- refactor: distinguish login_username from resolved_username #277 (@consideRatio)
- Add missing docs for
search_filterandattributesand improve logging forsearch_filter#275 (@consideRatio, @minrk) - Improve logging, docstring, and variable naming in
resolve_usernamefunction #274 (@consideRatio, @minrk) - align
allowed_groupswith otherallowed_config, consistent in JupyterHub 5 #269 (@minrk, @consideRatio, @manics) - refactor: specify param names for Connection.search consistently #268 (@consideRatio)
- refactor: reduce use of temporary variables #264 (@consideRatio)
- Relocate example snippet from code to readme #257 (@consideRatio)
- Require ldap3 2.9.1+ released 2021 (currently latest) as a lower bound #256 (@consideRatio)
- Transition to async functions and remove tornado dependency #255 (@consideRatio)
- tests: avoid reuse of authenticator fixture between tests and add docstring #254 (@consideRatio)
- Fix incorrect log message (debug level) #252 (@consideRatio)
- refactor: reduce use of temporary variables like msg for logging #251 (@consideRatio)
- refactor: put validation logic in traitlets validation functions #250 (@consideRatio, @minrk)
- Update ldap testing server to the latest available version #247 (@consideRatio)
- Require jupyterhub 4.1.6+ and Python 3.9+ #245 (@consideRatio, @minrk)
- Fix traitlets warnings when running tests #169 (@kinow, @minrk, @manics)
- Docs updates, and a few tweaks to the allow config #286 (@manics, @minrk)
- docs: update a few config descriptions #279 (@consideRatio)
- docs: fix readme example based on investigation by MakarovDi #262 (@consideRatio)
- docs: add two docstrings and fix an example in another #248 (@consideRatio)
- Update README.md with details on jupyterhub_config.py #242 (@jdkruzr, @consideRatio)
- Update README.md #228 (@ehooi, @yuvipanda)
- Add study participation notice to readme #197 (@sgibson91, @yuvipanda, @manics)
- ci: test jupyterhub 5 and python 3.12, refresh github workflows #244 (@consideRatio)
- ci: fix testing ldap server port mapping for broken gate #192 (@bloodeagle40234, @manics)
- ci: Replace Travis with GitHub workflow #188 (@manics, @consideRatio)
The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.
(GitHub contributors page for this release)
@1kastner (activity) | @Aethylred (activity) | @bloodeagle40234 (activity) | @brindapabari (activity) | @consideRatio (activity) | @Cronan (activity) | @dhirschfeld (activity) | @dmpe (activity) | @edergillian (activity) | @ehooi (activity) | @GlennHD (activity) | @healinyoon (activity) | @jdkruzr (activity) | @kinow (activity) | @loic-vial (activity) | @m-erhardt (activity) | @mananpreetsingh (activity) | @manics (activity) | @mannevijayakrishna (activity) | @marcusianlevine (activity) | @marty90 (activity) | @minrk (activity) | @mk-raven (activity) | @Nikolai-Hlubek (activity) | @nylocx (activity) | @ordlucas (activity) | @Ownercz (activity) | @ragul-inv (activity) | @reinierpost (activity) | @sebastian-luna-valero (activity) | @sgibson91 (activity) | @wiltonsr (activity) | @wsuzume (activity) | @ygean (activity) | @yuvipanda (activity)
- Avoid binding the connection twice #142 (@m2hofi94)
- Gracefully handle username lookups with list return values #117 (@metrofun)
- Misc cleanup + fixes #95 (@dhirschfeld) - Empty DN templates are now ignored,
search_filterandallowed_groupsare no longer mutually exclusive.
- Allow authentication with empty bind_dn_template when using lookup_dn #106 (@behrmann)
- Ignore username returned by
resolve_username#105 (@behrmann) -use_lookup_dn_usernameconfiguration option added. - Lookup additional LDAP user info #103 (@manics) -
user_info_attributesis now saved inauth_statefor a valid user.
- Fix CI linting failures and add testing of Py38 #157 (@consideRatio)
- Add long description for pypi #155 (@manics)
- Add badges according to team-compass #154 (@consideRatio)
- Travis deploy tags to PyPI #153 (@manics)
- Add bind_dn_template to Active Directory instructions #147 (@irasnyd)
- Expand contributor's guide #135 (@marcusianlevine)
- Add Travis CI setup and simple tests #134 (@marcusianlevine)
- Update project url in setup.py #92 (@dhirschfeld)
- Update README.md #85 (@dhirschfeld)
- Bump version to 1.2.2 #84 (@dhirschfeld)
(GitHub contributors page for this release)
@behrmann | @betatim | @consideRatio | @dhirschfeld | @irasnyd | @m2hofi94 | @manics | @marcusianlevine | @meeseeksmachine | @metrofun | @ramkrishnan8994 | @titansmc | @yuvipanda
Minor patch release for incorrectly escaping commas in resolved_username
- Fix comma escape in
resolved_username#83 (@dhirschfeld)
- Add manifest to package license #74 (@mariusvniekerk) - Adds license file to the sdist
(GitHub contributors page for this release)
@dhirschfeld | @mariusvniekerk
Minor patch release for bug in resolved_username regex.
- Fix resolved_username regex #75 (@dhirschfeld)
- Improve packaging #77 (@dhirschfeld) - Decoupled runtime dependencies from the build process
- Minor cleanup of setup.py #73 (@dhirschfeld)
- Escape comma in resolved_username #68 (@dhirschfeld)
- Fixed really bad error #64 (@jcrubioa)
- Don't force TLS bind if not using SSL. #61 (@GrahamDumpleton)
- Catch exception thrown in getConnection #56 (@dhirschfeld)
- Update LICENSE #48 (@fm75)
- Switching to StartTLS instead of ssl #46 (@toxadx)
- Add yuvipanda's description of local user creation #43 (@willingc)
- Update ldapauthenticator.py #40 (@sauloal)
- import union traitlet #34 (@dirkcgrunwald)
- User CN name lookup with specific query #32 (@mateuszboryn)
- Add better documentation for traitlets #26 (@yuvipanda)
- Extending ldapauthenticator to allow arbitrary LDAP search-filters #24 (@nklever)
- Support for multiple bind templates #23 (@kishorchintal)
@beenje | @deebuls | @dhirschfeld | @dirkcgrunwald | @fm75 | @GrahamDumpleton | @jcrubioa | @kishorchintal | @mateuszboryn | @minrk | @nklever | @pratik705 | @sauloal | @toxadx | @willingc | @yuvipanda
- More options for ldap group membership #22 (@m0zes)
- Add info on invalidating existing logins #18 (@yuvipanda)
- Add more verbose logging for login failures #17 (@yuvipanda)
- Clarify usage of 'c.' #16 (@yuvipanda)
- Add support for looking up the account DN post-bind #12 (@skemper)
@m0zes | @minrk | @skemper | @yuvipanda
Initial release.