Changes between Version 7 and Version 8 of ActiveDirectoryAuthPlugin


Timestamp:
Jul 25, 2012, 9:13:32 PM (2 years ago)
Author:
sandinak
Comment:

--

  • ActiveDirectoryAuthPlugin

    v7 v8  
    44== Description ==
    55
    6 The Active Directory Auth Plugin is a password store for the AccountManagerPlugin that provides authentication against Active Directory.
     6The Active Directory Auth Plugin is a password store for the AccountManagerPlugin that provides authentication and groups from Active Directory.
    77
    8 One can specify a group which users must be a member of in order to log in.  Additionally, one may specify an ''admin'' group.  If a user is a member of the ''admin'' group, then they will automatically be granted the `TRAC_ADMIN` permission.
     8Users are authenticated by performing a //bind// against the AD server using their credentials. 
     9
     10== Groups ==
     11 - One can specify a group which users must be a member of in order to log in. 
     12 - Additionally, one may specify an ''admin'' group.  If a user is a member of the ''admin'' group, then they will automatically be granted the `TRAC_ADMIN` permission.
     13 - Finally, ActiveDirectory groups are extended into the trac namespace.  They can be used to extend permissions by AD group.
     14   - AD groups are prefixed by @
     15   - group names are lowercase and spaces are replaced with underscores.
    916
    1017The Active Directory Auth plugin will also pull the email address and display name from Active Directory and populate the `session_attribute` table.  See [http://pacopablo.com/blog/pacopablo/blog/set-assign-to-drop-down Populating ''Assign To'' Drop Down in Trac] for more information on why.
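Review bot: The group-name mapping in the new Groups list (added lines 14-15) is lossy: because names are lowercased and spaces become underscores, two distinct AD groups (hypothetically, "Dev Ops" and "dev_ops") would both appear in Trac as `@dev_ops`, so a permission granted to that name could reach members of either group. Please document how such collisions are handled, or state that AD group names must stay unique after normalization, and include one worked mapping from an AD group name to its `@` form. The added sentence on line 8 should also say whether the bind runs over LDAPS or StartTLS, since the user's credentials are sent to the AD server in that bind.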
     
    2027== Download ==
    2128
    22 Download the zipped source from [download:activedirectoryauthplugin here].
     29Download the zipped source from [download:activedirectoryauthplugin here]
    2330
    2431== Source ==
     
    4653password_store = ADAuthStore
    4754#define the Active Directory host address here.  A port other than default is set as
    48 #hostname:port
     55#-- hostname:port
    4956ad_server = adserver.example.com
    50 #the Active Directory's base DN to search from, this is likely just your domain
     57#-- the Active Directory's base DN to search from, this is likely just your domain
    5158base_dn = DC=example,DC=com
    52 #the user/password to search active directory from, it must be a valid
    53 #username/password inside of active directory
     59#-- the user/password to search active directory from, it must be a valid
    5460bind_dn = ldapuser@example.com
    5561bind_passwd = ldapuserpassword
    56 #the DN (distinguishing name) for the group that contains users that can login to Trac
    57 #if this isn't specified then any valid user in active directory is accepted
     62#-- show disabled users
     63#   remember users MUST have logged in to get into the session table before they
     64#   show up. 
     65show_disabled_users = 1
     66#-- timeout for an ldap operation before in seconds
     67ldap_timeout = 5
     68#-- the default charset for the ldap server
     69charset = utf-9
     70#-- the DN (distinguishing name) for the group that contains users that can login to Trac
     71#   if this isn't specified then any valid user in active directory is accepted
    5872auth_group = CN=Alltechs,OU=Mail enabled groups,OU=Email,DC=serverplus,DC=com
    59 #the DN for the group that contains users that should have the TRAC_ADMIN
    60 #permission.  If this option is not given, no user groups will be give the
    61 #TRAC_ADMIN permission.  This this option is enabled you must specify the
    62 #UserExtensiblePermissionStore as the trac permission store, such as:
    63 #[trac]
    64 #permission_store = UserExtensiblePermissionStore
     73#-- the DN for the group that contains users that should have the TRAC_ADMIN
     74#   permission.  If this option is not given, no user groups will be give the
     75#   TRAC_ADMIN permission.  This this option is enabled you must specify the
     76#   UserExtensiblePermissionStore as the trac permission store, such as:
     77#   [trac]
     78#   permission_store = UserExtensiblePermissionStore
    6579admin_group = CN=Administration,DC=example,DC=com
     80#-- cached entry timeout in seconds
     81cache_timeout = 90
     82#-- memorycache size in entries
     83memcache_size = 100
     84#-- memory cache prune size in percentage
     85memcache_prune_percent = 5
    6686
    6787[trac]
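Review bot: `charset = utf-9` on added line 69 is not a valid encoding name and looks like a typo for `utf-8`; as this is the sample people copy into trac.ini, it should be corrected before it propagates. In the same hunk, the rewritten comment on line 59 now stops at "it must be a valid" because the continuation "#username/password inside of active directory" was dropped; restore it in the new `#--` style. The comment on line 66 reads "timeout for an ldap operation before in seconds" (stray "before"), and the carried-over text on lines 74-75 still has "will be give" and "This this option". Since `bind_passwd` sits in this file in clear text, a one-line comment advising that trac.ini be readable only by the account Trac runs as would be worth adding next to it.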