Changes between Version 7 and Version 8 of ActiveDirectoryAuthPlugin


Timestamp:
Jul 25, 2012 9:13:32 PM (21 months ago)
Author:
sandinak
Comment:

--

  • ActiveDirectoryAuthPlugin

    v7 v8  
    44== Description == 
    55 
    6 The Active Directory Auth Plugin is a password store for the AccountManagerPlugin that provides authentication against Active Directory.  
     6The Active Directory Auth Plugin is a password store for the AccountManagerPlugin that provides authentication and groups from Active Directory.  
    77 
    8 One can specify a group which users must be a member of in order to log in.  Additionally, one may specify an ''admin'' group.  If a user is a member of the ''admin'' group, then they will automatically be granted the `TRAC_ADMIN` permission. 
     8Users are authenticated by performing a //bind// against the AD server using their credentials.   
     9 
     10== Groups ==  
     11 - One can specify a group which users must be a member of in order to log in.   
     12 - Additionally, one may specify an ''admin'' group.  If a user is a member of the ''admin'' group, then they will automatically be granted the `TRAC_ADMIN` permission. 
     13 - Finally, ActiveDirectory groups are extended into the trac namespace.  They can be used to extend permissions by AD group. 
     14   - AD groups are prefixed by @  
     15   - group names are lowercase and spaces are replaced with underscores. 
    916 
    1017The Active Directory Auth plugin will also pull the email address and display name from Active Directory and populate the `session_attribute` table.  See [http://pacopablo.com/blog/pacopablo/blog/set-assign-to-drop-down Populating ''Assign To'' Drop Down in Trac] for more information on why.  
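Review bot: The new Groups list (new lines 14-15) does not say what happens when two AD groups normalize to the same Trac name. With lowercasing and space-to-underscore replacement, two groups such as "Dev Ops" and "dev_ops" (constructed names) would both become @dev_ops, so a permission granted to one would also apply to members of the other. Please state how such collisions are handled, or tell admins to check for them before granting permissions by AD group. On new line 8, `//bind//` is not the italics markup used elsewhere on this page (`''admin''`), so it should be `''bind''`. Since line 8 now states that user credentials are sent in a bind to the AD server, it should also say whether that connection is expected to be protected (LDAPS or StartTLS); the text is silent on this.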
     
    2027== Download == 
    2128 
    22 Download the zipped source from [download:activedirectoryauthplugin here]. 
     29Download the zipped source from [download:activedirectoryauthplugin here] 
    2330 
    2431== Source == 
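Review bot: The sentence on new line 29 loses its closing period and nothing else on the line changes. Restore it ("... [download:activedirectoryauthplugin here].") unless the removal was intentional.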
     
    4653password_store = ADAuthStore 
    4754#define the Active Directory host address here.  A port other than default is set as 
    48 #hostname:port 
     55#-- hostname:port 
    4956ad_server = adserver.example.com 
    50 #the Active Directory's base DN to search from, this is likely just your domain 
     57#-- the Active Directory's base DN to search from, this is likely just your domain 
    5158base_dn = DC=example,DC=com 
    52 #the user/password to search active directory from, it must be a valid 
    53 #username/password inside of active directory 
     59#-- the user/password to search active directory from, it must be a valid 
    5460bind_dn = ldapuser@example.com 
    5561bind_passwd = ldapuserpassword 
    56 #the DN (distinguishing name) for the group that contains users that can login to Trac 
    57 #if this isn't specified then any valid user in active directory is accepted 
     62#-- show disabled users 
     63#   remember users MUST have logged in to get into the session table before they 
     64#   show up.   
     65show_disabled_users = 1 
     66#-- timeout for an ldap operation before in seconds 
     67ldap_timeout = 5 
     68#-- the default charset for the ldap server 
     69charset = utf-9 
     70#-- the DN (distinguishing name) for the group that contains users that can login to Trac 
     71#   if this isn't specified then any valid user in active directory is accepted 
    5872auth_group = CN=Alltechs,OU=Mail enabled groups,OU=Email,DC=serverplus,DC=com 
    59 #the DN for the group that contains users that should have the TRAC_ADMIN 
    60 #permission.  If this option is not given, no user groups will be give the 
    61 #TRAC_ADMIN permission.  This this option is enabled you must specify the 
    62 #UserExtensiblePermissionStore as the trac permission store, such as: 
    63 #[trac] 
    64 #permission_store = UserExtensiblePermissionStore 
     73#-- the DN for the group that contains users that should have the TRAC_ADMIN 
     74#   permission.  If this option is not given, no user groups will be give the 
     75#   TRAC_ADMIN permission.  This this option is enabled you must specify the 
     76#   UserExtensiblePermissionStore as the trac permission store, such as: 
     77#   [trac] 
     78#   permission_store = UserExtensiblePermissionStore 
    6579admin_group = CN=Administration,DC=example,DC=com 
     80#-- cached entry timeout in seconds  
     81cache_timeout = 90 
     82#-- memorycache size in entries 
     83memcache_size = 100 
     84#-- memory cache prune size in percentage 
     85memcache_prune_percent = 5 
    6686 
    6787[trac]
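Review bot: `charset = utf-9` on new line 68 is not a valid charset name and looks like a typo for utf-8; readers who paste this sample will copy the invalid value. On new line 59 the comment now stops at "it must be a valid" because the old continuation line ("#username/password inside of active directory") was removed and not replaced. New line 66 ("timeout for an ldap operation before in seconds") has a stray "before". The carried-over typos on new lines 74-75 ("will be give the", "This this option") could be fixed in the same edit. The new cache options (cache_timeout, memcache_size, memcache_prune_percent) should say what is cached: if authentication results or group membership are cached, the 90-second value determines how long a disabled account or a removed group membership can remain effective in Trac, and admins need to know that when choosing a value.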