Changes between Version 1 and Version 2 of ActiveDirectoryAuthPlugin/GroupManagement


Timestamp: Sep 17, 2012 7:08:43 PM (22 months ago)
Author: sandinak
Comment: --

  • ActiveDirectoryAuthPlugin/GroupManagement

    v1 v2  
    22= AD Group Management = 
    33 
    4 The plugin extends AD group membership into the trac namespace.  This means you can specify permissions for different groups of authenticated individuals.  
     4The plugin extends Directory group membership into the trac namespace.  This means you can specify permissions for different groups of authenticated individuals.  
     5 
     6== Theory == 
     7 LDAP maintains groups by defining the objectClass, and usually contains member or memberUID as the identifier for each person in a group.  When a request for a group, as defined in the permissions, is searched, the group is expanded to the members.  It's then used to match. 
     8 
     9== Usage ==  
     10 
     11 1. create the groups in the directory you'd like ( say cn=Staff,dc=home,dc=net )  
     12 2. add users to the groups 
     13 3. goto Admin -> Permissions and create a group by adding permissions to the group name as defined below. Ao for example use Grant Permission with 
     14    Subject: @staff 
     15    Permission: WIKI_EDIT 
     16 
     17'''NOTE:''' groups will NOT show up per user until they're defined from the Permissions page.  
     18== Validation == 
     19 To validate users, you'll need to login wiht perms to the TRAC_HOME directory .. and then use 
     20{{{ 
     21 me@here > sudo trac-admin /var/trac/mytrac permission list {user}  
     22}}} 
    523 
    624== Configuration == 
    725 
    826 Any groups found under the base_dn will be expanded into the name space 
    9   
    1027 - each group will have the name normalized by changing it to lower case, and changing spaces to underscores 
    1128 - the group name will be prefixed by an @ sign
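
Review bot: Step 3 of the new Usage section grants to "Subject: @staff" for the group cn=Staff and points to the name "as defined below", but the Configuration rules it relies on (lower-casing, spaces to underscores, every group under base_dn expanded) do not say what happens when two directory groups normalize to the same name, for example "Staff Admin" and "staff_admin". As written, both appear to map to the one subject @staff_admin, so a permission granted to it would cover members of both groups; please document that case and recommend keeping group names unique after normalization, or scoping base_dn narrowly. The Validation section runs trac-admin under sudo; it would help to say which account actually needs access to the environment directory so readers do not default to root. Smaller points in the added lines: "wiht" should be "with", "Ao for example" should be "So for example", "goto" should be "go to", the NOTE line needs a blank line before "== Validation ==", and the intro now says "Directory group membership" while the page heading still reads "AD Group Management".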