Update dependency jupyterhub-ldapauthenticator to v2

This MR contains the following updates:

Package	Update	Change
jupyterhub-ldapauthenticator	major	==1.3.2 -> ==2.0.0

---

⚠ Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

jupyterhub/ldapauthenticator (jupyterhub-ldapauthenticator)

v2.0.0

Compare Source

(full changelog)

Breaking Changes

• python>=3.9, jupyterhub>=4.1.6, and ldap3>=2.9.1 is now required. (#​245, #​256)

• Configuring auth_state_attributes now leads to user information being put in auth_state["user_attributes"] and not directly in auth_state. (#​269)

• use_lookup_dn_username now defaults to False and is opt-in instead of opt-out. To retain previous behavior if you had lookup_dn set True without use_lookup_dn_username explicitly set, configure use_lookup_dn_username to True. (#​280)

• lookup_dn now rejects an authenticating user if multiple DNs are returned during lookup. (#​276)

• In the edge case if both...

  1. the following config is used:
     • lookup_dn = True,
     • lookup_dn_user_dn_attribute = "cn"
     • use_lookup_dn_username = True (previous default value)
  2. and one or more users previously signed in at least once had a comma in their cn attribute's value

  then such users will get a new JupyterHub username going forward looking like "lastname, firstname" instead of looking like "lastname\\, firstname". (#​267)

Deprecations

• use_ssl has been deprecated, instead configure tls_strategy going forward. Configuring use_ssl=True should be updated with tls_strategy="on_connect", and configuring use_ssl=False could be updated to either be tls_strategy="before_bind" (default) or tls_strategy="insecure". (#​258)
• escape_userdn has been deprecated, usernames used to construct DNs are now always escaped according to LDAP protocol specification of how DNs should be represented in string format. (#​267)

New features added

• Add LDAPAuthenticator.version_info #​282 (@​consideRatio)
• Add tls_kwargs config to configure underlying ldap3 package tls #​273 (@​consideRatio, @​minrk)
• Add tls_strategy and deprecate use_ssl #​258 (@​consideRatio, @​manics, @​loic-vial, @​1kastner)
• Allow users to configure group search filter and attributes (group_search_filter and group_attributes config) #​168 (@​kinow, @​consideRatio, @​manics, @​ordlucas, @​mananpreetsingh)

Enhancements made

• Docs updates, and a few tweaks to the allow config #​286 (@​manics, @​minrk)
• Register authenticator class with jupyterhub as ldap #​249 (@​consideRatio, @​minrk)

Bugs fixed

• Require a unique DN to be found when using lookup_dn #​276 (@​consideRatio, @​minrk)
• Fix duplicated bind operation, only one is needed #​270 (@​consideRatio, @​minrk)
• Escape username within DN correctly and remove escape_userdn #​267 (@​consideRatio, @​minrk)
• Escape user- or ldap-provided strings in ldap search filters #​238 (@​m-erhardt, @​consideRatio)

Maintenance and upkeep improvements

• Remove empty scripts file #​287 (@​manics, @​minrk)
• Comment consistently about escape_rdn and escape_filter_chars #​284 (@​consideRatio)
• Validate config on startup when possible (allowed_groups, lookup_dn, bind_dn_template) #​283 (@​consideRatio)
• tests: pass config to constructor instead of configuring after #​281 (@​consideRatio)
• Change use_lookup_dn_username default value to False #​280 (@​consideRatio)
• Fix a log message about lookup_dn_user_dn_attribute #​278 (@​consideRatio)
• refactor: distinguish login_username from resolved_username #​277 (@​consideRatio)
• Add missing docs for search_filter and attributes and improve logging for search_filter #​275 (@​consideRatio, @​minrk)
• Improve logging, docstring, and variable naming in resolve_username function #​274 (@​consideRatio, @​minrk)
• align allowed_groups with other allowed_ config, consistent in JupyterHub 5 #​269 (@​minrk, @​consideRatio, @​manics)
• refactor: specify param names for Connection.search consistently #​268 (@​consideRatio)
• refactor: reduce use of temporary variables #​264 (@​consideRatio)
• Relocate example snippet from code to readme #​257 (@​consideRatio)
• Require ldap3 2.9.1+ released 2021 (currently latest) as a lower bound #​256 (@​consideRatio)
• Transition to async functions and remove tornado dependency #​255 (@​consideRatio)
• tests: avoid reuse of authenticator fixture between tests and add docstring #​254 (@​consideRatio)
• Fix incorrect log message (debug level) #​252 (@​consideRatio)
• refactor: reduce use of temporary variables like msg for logging #​251 (@​consideRatio)
• refactor: put validation logic in traitlets validation functions #​250 (@​consideRatio, @​minrk)
• Update ldap testing server to the latest available version #​247 (@​consideRatio)
• Require jupyterhub 4.1.6+ and Python 3.9+ #​245 (@​consideRatio, @​minrk)
• Fix traitlets warnings when running tests #​169 (@​kinow, @​minrk, @​manics)

Documentation improvements

• Docs updates, and a few tweaks to the allow config #​286 (@​manics, @​minrk)
• docs: update a few config descriptions #​279 (@​consideRatio)
• docs: fix readme example based on investigation by MakarovDi #​262 (@​consideRatio)
• docs: add two docstrings and fix an example in another #​248 (@​consideRatio)
• Update README.md with details on jupyterhub_config.py #​242 (@​jdkruzr, @​consideRatio)
• Update README.md #​228 (@​ehooi, @​yuvipanda)
• Add study participation notice to readme #​197 (@​sgibson91, @​yuvipanda, @​manics)

Continuous integration improvements

• ci: test jupyterhub 5 and python 3.12, refresh github workflows #​244 (@​consideRatio)
• ci: fix testing ldap server port mapping for broken gate #​192 (@​bloodeagle40234, @​manics)
• ci: Replace Travis with GitHub workflow #​188 (@​manics, @​consideRatio)

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@​1kastner (activity) | @​Aethylred (activity) | @​bloodeagle40234 (activity) | @​brindapabari (activity) | @​consideRatio (activity) | @​Cronan (activity) | @​dhirschfeld (activity) | @​dmpe (activity) | @​edergillian (activity) | @​ehooi (activity) | @​GlennHD (activity) | @​healinyoon (activity) | @​jdkruzr (activity) | @​kinow (activity) | @​loic-vial (activity) | @​m-erhardt (activity) | @​mananpreetsingh (activity) | @​manics (activity) | @​mannevijayakrishna (activity) | @​marcusianlevine (activity) | @​marty90 (activity) | @​minrk (activity) | @​mk-raven (activity) | @​Nikolai-Hlubek (activity) | @​nylocx (activity) | @​ordlucas (activity) | @​Ownercz (activity) | @​ragul-inv (activity) | @​reinierpost (activity) | @​sebastian-luna-valero (activity) | @​sgibson91 (activity) | @​wiltonsr (activity) | @​wsuzume (activity) | @​ygean (activity) | @​yuvipanda (activity)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

---

• If you want to rebase/retry this MR, check this box

---

This MR has been generated by Renovate Bot.