| 1 | == Examples == |
| 2 | '''NOTE: this has changed from 0.3 to 0.4!!!!''' |
| 3 | |
| 4 | All config options for this module go under the [account-manager] config heading; the one exception shown below is permission_store, which belongs under [trac]. Options for this module are: |
| 5 | |
| 6 | {{{ |
| 7 | #!ini |
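| 8 | [account-manager] |
| 9 | #-- to use this module with AccountManager, ADAuthStore must be enabled inside of AccountManager |
| 10 | password_store = ADAuthStore |
| 11 | #-- the Active Directory host address. A port other than the default (389) is set as |
| 12 | # ldap://hostname:port or ldaps://hostname:port. ldap:// is an unencrypted connection, so the bind password below crosses the network in clear text; prefer ldaps:// where the server offers it. |
| 13 | dir_uri = ldap://adserver.example.com |
| 14 | #-- the Active Directory's base DN to search from, this is likely just your domain |
| 15 | dir_basedn = DC=example,DC=com |
| 16 | #-- the user/password used to search the directory; it must be a valid directory account. The password is stored here in plain text, so use a dedicated low-privilege account and restrict who can read this file. |
| 17 | dir_binddn = ldapuser@example.com |
| 18 | dir_bindpw = ldapuserpassword |
| 19 | #-- timeout for an ldap operation, in seconds |
| 20 | dir_timeout = 5 |
| 21 | #-- the default charset for the ldap server |
| 22 | dir_charset = utf-8 |
| 23 | ##### Userinfo |
| 24 | #-- the attribute containing the user's login name, THIS MUST BE UNIQUE! |
| 25 | user_attr = sAMAccountName |
| 26 | #-- the attribute containing the user's display name |
| 27 | name_attr = displayName |
| 28 | #-- the attribute containing the user's email address |
| 29 | email_attr = mail |
| 30 | ##### Groups |
| 31 | #-- where to look for groups, uses dir_basedn if not defined. |
| 32 | group_basedn = ou=Groups,dc=foo,dc=net |
| 33 | #-- expand directory groups |
| 34 | group_expand = 1 |
| 35 | #-- the attribute holding a group's name; uses user_attr if not defined. |
| 36 | group_attr = cn |
| 37 | #-- which attribute to look in for members |
| 38 | group_member_attr = member |
| 39 | #-- what to look for in group_member_attr |
| 40 | group_member_value = dn |
| 41 | #-- the dn of a group whose members are the valid users; if not set, all directory users are valid |
| 42 | group_validusers = CN=Alltechs,OU=Mail enabled groups,OU=Email,DC=serverplus,DC=com |
| 43 | #-- the DN of a group whose members are automatically given TRAC_ADMIN; keep its membership small, since anyone added to it gets full Trac administration rights |
| 44 | # if this option is enabled you must specify the UserExtensiblePermissionStore as the trac permission store, such as: |
| 45 | # [trac] |
| 46 | # permission_store = UserExtensiblePermissionStore |
| 47 | group_tracadmin = CN=Administration,DC=example,DC=com |
| 48 | ##### Cache Tuning |
| 49 | #-- cached entry time to live in seconds. NOTE(review): directory changes (disabled account, group removal) presumably are not seen until the cached entry expires - confirm |
| 50 | cache_ttl = 90 |
| 51 | #-- memory cache size in entries, and a high-water warning mark |
| 52 | cache_memsize = 400 |
| 53 | cache_memsize_warn = 300 |
| 54 | #-- memory cache prune size in percentage |
| 55 | cache_memprune = 5 |
| 56 | |
| 57 | [trac] |
| 58 | permission_store = UserExtensiblePermissionStore |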
| 59 | }}} |
| 60 | |
| 61 | If you are unsure what the DNs of your groups are, you can use an LDAP browser to look the groups up in your Active Directory and read off each group's DN. |