Changes between Initial Version and Version 1 of DirectoryAuthPlugin/ConfigurationExamples


Ignore:
Timestamp:
Sep 18, 2012, 2:51:26 PM (2 years ago)
Author:
sandinak
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • DirectoryAuthPlugin/ConfigurationExamples

    v1 v1  
     1== Examples ==
     2'''NOTE: this has changed from 0.3 to 0.4!!!!'''
     3
     4All config options go under the [account-manager] config heading.  Options for this module are:
     5
     6{{{
     7#!ini
     8[account-manager]
     9#--to use this module with AccountManager, ADAuthStore must be enabled inside of AccountManager
     10password_store = ADAuthStore
     11#--define the Active Directory host address here.  A port other than default(389) is set as
     12#  ldap://hostname:port or ldaps://hostname:port
     13dir_uri = ldap://adserver.example.com
     14#-- the Active Directory's base DN to search from, this is likely just your domain
     15dir_basedn = DC=example,DC=com
     16#-- the user/password to search the directory from, it must be a valid
     17dir_binddn = ldapuser@example.com
     18dir_bindpw = ldapuserpassword
     19#-- timeout for an ldap operation before in seconds
     20dir_timeout = 5
     21#-- the default charset for the ldap server
     22dir_charset = utf-9
     23##### Userinfo
     24#-- the attribute containing the users login name, THIS MUST BE UNIQUE!
     25user_attr = sAMAccountName
     26#-- the attribute containing the users display name
     27name_attr = displayName
     28#-- the attribute containing the users email addy
     29email_attr = mail
     30##### Groups
     31#-- where to look for groups, uses dir_basedn if not defined.
     32group_basedn = ou=Groups,dc=foo,dc=net
     33#-- expand directory groups
     34group_expand = 1
     35#-- the name of a group .. uses user_attr if not defined.
     36group_attr = cn
     37#-- which attribute to look in for members
     38group_member_attr = member
     39#-- what to look for in the member_attr
     40group_member_value = dn
     41#-- the dn of a group that has valid users, all users if not enabled
     42group_validusers = CN=Alltechs,OU=Mail enabled groups,OU=Email,DC=serverplus,DC=com
     43#-- the DN for a group automagically given TRAC_ADMIN
     44#   if this option is enabled you must specify the UserExtensiblePermissionStore as the trac permission store, such as:
     45#   [trac]
     46#   permission_store = UserExtensiblePermissionStore
     47group_tracadmin = CN=Administration,DC=example,DC=com
     48#### Cache Tuning
     49#-- cached entry time to live in seconds
     50cache_ttl= 90
     51#-- memorycache size in entries, and a highwater warning mark
     52cache_memsize = 400
     53cache_memsize_warn = 300
     54#-- memory cache prune size in percentage
     55cache_memprune = 5
     56
     57[trac]
     58permission_store = UserExtensiblePermissionStore
     59}}}
     60
     61If you are unsure of what the DNs for your groups are, you may want to use an LDAP browser to inspect your Active Directory schema to find out a group's DN.