Hello Raymond,

In the link you posted, the author decided to ignore the server 
certificate. While this is a common "solution" for accepting non-default 
certificates, it is also insecure.

On a high level, you need to tell the TLS/SSL logic to trust the 
certificate which the administrator gave you. This can either be done by 
adding the certificate to the default trust store, or by specifying a 
custom trust store with that certificate when opening the LDAPS connection. 
I'd prefer the second approach, because that certificate is only useful for 
the LDAPS connections.

For the first approach, you'll need to figure out which trust store is 
being used. If it is the one from the certifi package, you can update it as 
described here:
https://incognitjoe.github.io/adding-certs-to-requests.html


For the second approach, this is where the LDAP connection is being opened:
https://github.com/jupyterhub/ldapauthenticator/blob/master/ldapauthenticator/ldapauthenticator.py#L276

And here's some documentation for configuring TLS with ldap3:
https://ldap3.readthedocs.io/ssltls.html

I'm afraid there's a gap here, because the code uses a Connection object, 
while the documentation talks about a Server object. But maybe someone more 
familiar with the APIs can provide further guidance.

Hope this helps,
  Roland
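
The second approach from the message above, as an added example (not part of the original message and not ldapauthenticator's own code): ldap3 takes its TLS settings from a `Tls` object attached to the `Server`, and a `Connection` built on that `Server` uses them. The function names, port default and command-line handling are assumptions for illustration.

```python
import os
import ssl
import sys


def tls_settings(ca_file):
    """Keyword arguments for ldap3.Tls that trust only the CA in ca_file."""
    if not os.path.isfile(ca_file):
        raise FileNotFoundError(f"CA certificate not found: {ca_file}")
    return {
        # ldap3's Tls defaults to ssl.CERT_NONE, so validation must be requested.
        "validate": ssl.CERT_REQUIRED,
        # PEM file with the certificate the LDAP administrator provided.
        "ca_certs_file": ca_file,
    }


def ldaps_connection(host, ca_file, user=None, password=None, port=636):
    """Build (but do not open) an LDAPS connection tied to the custom CA file."""
    # Imported here so tls_settings() can be checked without ldap3 installed.
    from ldap3 import Connection, Server, Tls

    tls = Tls(**tls_settings(ca_file))
    # TLS is configured on the Server; the Connection takes it from there.
    server = Server(host, port=port, use_ssl=True, tls=tls)
    return Connection(server, user=user, password=password)


if __name__ == "__main__":
    if len(sys.argv) != 3:
        print(f"usage: {sys.argv[0]} LDAP_HOST CA_FILE")
    else:
        conn = ldaps_connection(sys.argv[1], sys.argv[2])
        # An anonymous bind is enough to exercise the TLS handshake; a server
        # certificate not issued under CA_FILE fails the handshake instead.
        print("bind ok:", conn.bind())
```

Because the CA file is passed only to this `Tls` object, the default trust store used by other HTTPS clients on the host is left unchanged.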
