Opened 8 years ago

Closed 8 years ago

#1089 closed enhancement (invalid)

LDAP password store

Reported by: eli.carter@… Owned by: mgood
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.10


I need to use LDAP for username/passwords.

Attachments (1)

accountmanagerplugin-ldap-1.patch (5.1 KB) - added by eli.carter@… 8 years ago.
Proof-of-concept patch

Download all attachments as: .zip

Change History (6)

Changed 8 years ago by eli.carter@…

Proof-of-concept patch

comment:1 Changed 8 years ago by eli.carter@…

Version 1 of this patch is a very rough implementation of an LDAP password store. It does not currently support changing passwords, deleting users, or anonymous binds. It ignores the protocol setting. Very large or slow LDAP directories will likely cause it problems. It has been only lightly tested so far.

Comments welcome. I'd like to see this (eventually) merged into AccountManagerPlugin once the quality is high enough.

comment:2 Changed 8 years ago by athomas

What capabilities does this provide beyond the LdapPlugin?

I think it's very unlikely that changing passwords, adding users, or deleting users (which looks like the only extra capability having this in AccountManagerPlugin would provide) would be wanted from within Trac as LDAP within enterprises usually wish to limit these actions.

comment:3 Changed 8 years ago by eli.carter@…

Use of the login form, which allows a real logout. I did not see a way to do that with LdapPlugin.

comment:4 Changed 8 years ago by eli.carter@…

Actually, to be more precise: LdapPlugin lets you store the permissions information in LDAP, but it leaves the LDAP authenticated login to Apache. And that implies no login form, and no real logout.

You might be able to use both LdapPlugin and this patch together, but I have not tried. (You would also wind up having some duplicated config info in trac.ini.)

comment:5 Changed 8 years ago by eli.carter@…

  • Resolution set to invalid
  • Status changed from new to closed

Ahhhhh..... the undocumented HttpAuthStore will do what I want. So, I added documentation for it.

Add Comment

Modify Ticket

as closed The owner will remain mgood.
The resolution will be deleted. Next status will be 'reopened'.

E-mail address and user name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.