Changes between Version 2 and Version 3 of DirectoryAuthPlugin/ConfigurationExamples


Ignore:
Timestamp:
Jan 6, 2014, 7:53:52 PM (12 months ago)
Author:
patrick
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • DirectoryAuthPlugin/ConfigurationExamples

    v2 v3  
    44All config options go under the [account-manager] config heading.  Options for this module are:
    55
     6'''For default values see: http://trac-hacks.org/browser/directoryauthplugin/trunk/tracext/dirauth/auth.py#L34'''
     7
    68{{{
    79#!ini
    810[account-manager]
    9 #--to use this module with AccountManager, ADAuthStore must be enabled inside of AccountManager
    10 password_store = ADAuthStore
    11 #--define the Active Directory host address here.  A port other than default(389) is set as
    12 #  ldap://hostname:port or ldaps://hostname:port
     11#-- To use this module with AccountManager, DirAuthStore must be enabled inside of AccountManager
     12password_store = DirAuthStore
     13
     14#-- Text encoding used by the LDAP or Active Directory Server
     15dir_charset = utf-8
     16#-- 0=Base, 1=OneLevel, 2=Subtree
     17dir_scope = 1
     18#-- URI of the LDAP or Active Directory Server. 
     19#   A port other than default(389) is set as ldap://hostname:port or ldaps://hostname:port
    1320dir_uri = ldap://adserver.example.com
    14 #-- the Active Directory's base DN to search from, this is likely just your domain
     21#-- DN used to bind to AD, leave blank for anonymous bind
     22dir_binddn = ldapuser@example.com
     23#-- Password used when binding to AD, leave blank for anonymous bind
     24dir_bindpw = ldapuserpassword
     25#-- LDAP response timeout in seconds
     26dir_timeout = 5
     27#-- Base DN used for account searches
    1528dir_basedn = DC=example,DC=com
    16 #-- the user/password to search the directory from, it must be a valid
    17 dir_binddn = ldapuser@example.com
    18 dir_bindpw = ldapuserpassword
    19 #-- timeout for an ldap operation before in seconds
    20 dir_timeout = 5
    21 #-- the default charset for the ldap server
    22 dir_charset = utf-8
    23 ##### Userinfo
    24 #-- the attribute containing the users login name, THIS MUST BE UNIQUE!
     29
     30#-- Attribute of the user in the directory
    2531user_attr = sAMAccountName
    26 #-- the attribute containing the users display name
     32#-- Attribute of the users name in the directory
    2733name_attr = displayName
    28 #-- the attribute containing the users email addy
     34#-- Attribute of the users email in the directory
    2935email_attr = mail
    30 ##### Groups
    31 #-- where to look for groups, uses dir_basedn if not defined.
     36
     37#-- Base DN used for group searches
    3238group_basedn = ou=Groups,dc=foo,dc=net
    33 #-- expand directory groups
    34 group_expand = 1
    35 #-- the name of a group .. uses user_attr if not defined.
    36 group_attr = cn
    37 #-- which attribute to look in for members
    38 group_member_attr = member
    39 #-- what to look for in the member_attr
    40 group_member_value = dn
    41 #-- the dn of a group that has valid users, all users if not enabled
     39#-- CN of group containing valid users. If None, any AD user is valid
    4240group_validusers = CN=Alltechs,OU=Mail enabled groups,OU=Email,DC=serverplus,DC=com
    43 #-- the DN for a group automagically given TRAC_ADMIN
     41#-- CN of group containing TRAC_ADMIN users (can also assign TRAC_ADMIN to an LDAP group.)
    4442#   if this option is enabled you must specify the UserExtensiblePermissionStore as the trac permission store, such as:
    4543#   [trac]
    4644#   permission_store = UserExtensiblePermissionStore
    4745group_tracadmin = CN=Administration,DC=example,DC=com
    48 #### Cache Tuning
    49 #-- cached entry time to live in seconds
     46#-- Binary: expand ldap_groups into trac groups.
     47group_expand = 1
     48
     49#-- Cache timeout in seconds
    5050cache_ttl= 90
    51 #-- memorycache size in entries, and a highwater warning mark
     51#-- Size of memcache in entries, zero to disable
    5252cache_memsize = 400
     53#-- Warning message for cache pruning in seconds
    5354cache_memsize_warn = 300
    54 #-- memory cache prune size in percentage
    55 cache_memprune = 5
    56 
    57 [trac]
    58 permission_store = UserExtensiblePermissionStore
    5955}}}
    6056