Changes between Initial Version and Version 1 of DirectoryAuthPlugin/ConfigurationExamples


Timestamp:
Sep 18, 2012 2:51:26 PM (2 years ago)
Author:
sandinak
Comment:

--

  • DirectoryAuthPlugin/ConfigurationExamples

    v1 v1  
     1== Examples == 
     2'''NOTE: this has changed from 0.3 to 0.4!!!!''' 
     3 
     4All config options go under the [account-manager] config heading.  Options for this module are: 
     5 
     6{{{ 
     7#!ini 
     8[account-manager] 
     9#--to use this module with AccountManager, ADAuthStore must be enabled inside of AccountManager 
     10password_store = ADAuthStore 
     11#--define the Active Directory host address here.  A port other than default(389) is set as 
     12#  ldap://hostname:port or ldaps://hostname:port 
     13dir_uri = ldap://adserver.example.com 
     14#-- the Active Directory's base DN to search from, this is likely just your domain 
     15dir_basedn = DC=example,DC=com 
     16#-- the user/password to search the directory from, it must be a valid 
     17dir_binddn = ldapuser@example.com 
     18dir_bindpw = ldapuserpassword 
     19#-- timeout for an ldap operation before in seconds 
     20dir_timeout = 5 
     21#-- the default charset for the ldap server 
     22dir_charset = utf-9 
     23##### Userinfo 
     24#-- the attribute containing the users login name, THIS MUST BE UNIQUE! 
     25user_attr = sAMAccountName 
     26#-- the attribute containing the users display name 
     27name_attr = displayName 
     28#-- the attribute containing the users email addy 
     29email_attr = mail 
     30##### Groups 
     31#-- where to look for groups, uses dir_basedn if not defined. 
     32group_basedn = ou=Groups,dc=foo,dc=net 
     33#-- expand directory groups 
     34group_expand = 1 
     35#-- the name of a group .. uses user_attr if not defined.  
     36group_attr = cn 
     37#-- which attribute to look in for members 
     38group_member_attr = member 
     39#-- what to look for in the member_attr 
     40group_member_value = dn 
     41#-- the dn of a group that has valid users, all users if not enabled 
     42group_validusers = CN=Alltechs,OU=Mail enabled groups,OU=Email,DC=serverplus,DC=com 
     43#-- the DN for a group automagically given TRAC_ADMIN 
     44#   if this option is enabled you must specify the UserExtensiblePermissionStore as the trac permission store, such as: 
     45#   [trac] 
     46#   permission_store = UserExtensiblePermissionStore 
     47group_tracadmin = CN=Administration,DC=example,DC=com 
     48#### Cache Tuning 
     49#-- cached entry time to live in seconds  
     50cache_ttl= 90 
     51#-- memorycache size in entries, and a highwater warning mark 
     52cache_memsize = 400 
     53cache_memsize_warn = 300 
     54#-- memory cache prune size in percentage 
     55cache_memprune = 5 
     56 
     57[trac] 
     58permission_store = UserExtensiblePermissionStore 
     59}}} 
     60 
     61If you are unsure of what the DNs for your groups are, you may want to use an LDAP browser to inspect your Active Directory schema to find out a group's DN.