Changes between Version 2 and Version 3 of DirectoryAuthPlugin/ConfigurationExamples


Ignore:
Timestamp:
Jan 6, 2014 7:53:52 PM (8 months ago)
Author:
patrick
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • DirectoryAuthPlugin/ConfigurationExamples

    v2 v3  
    44All config options go under the [account-manager] config heading.  Options for this module are: 
    55 
     6'''For default values see: http://trac-hacks.org/browser/directoryauthplugin/trunk/tracext/dirauth/auth.py#L34''' 
     7 
    68{{{ 
    79#!ini 
    810[account-manager] 
    9 #--to use this module with AccountManager, ADAuthStore must be enabled inside of AccountManager 
    10 password_store = ADAuthStore 
    11 #--define the Active Directory host address here.  A port other than default(389) is set as 
    12 #  ldap://hostname:port or ldaps://hostname:port 
     11#-- To use this module with AccountManager, DirAuthStore must be enabled inside of AccountManager 
     12password_store = DirAuthStore 
     13 
     14#-- Text encoding used by the LDAP or Active Directory Server 
     15dir_charset = utf-8 
     16#-- 0=Base, 1=OneLevel, 2=Subtree 
     17dir_scope = 1 
     18#-- URI of the LDAP or Active Directory Server.   
     19#   A port other than default(389) is set as ldap://hostname:port or ldaps://hostname:port 
    1320dir_uri = ldap://adserver.example.com 
    14 #-- the Active Directory's base DN to search from, this is likely just your domain 
     21#-- DN used to bind to AD, leave blank for anonymous bind 
     22dir_binddn = ldapuser@example.com 
     23#-- Password used when binding to AD, leave blank for anonymous bind 
     24dir_bindpw = ldapuserpassword 
     25#-- LDAP response timeout in seconds 
     26dir_timeout = 5 
     27#-- Base DN used for account searches 
    1528dir_basedn = DC=example,DC=com 
    16 #-- the user/password to search the directory from, it must be a valid 
    17 dir_binddn = ldapuser@example.com 
    18 dir_bindpw = ldapuserpassword 
    19 #-- timeout for an ldap operation before in seconds 
    20 dir_timeout = 5 
    21 #-- the default charset for the ldap server 
    22 dir_charset = utf-8 
    23 ##### Userinfo 
    24 #-- the attribute containing the users login name, THIS MUST BE UNIQUE! 
     29 
     30#-- Attribute of the user in the directory 
    2531user_attr = sAMAccountName 
    26 #-- the attribute containing the users display name 
     32#-- Attribute of the users name in the directory 
    2733name_attr = displayName 
    28 #-- the attribute containing the users email addy 
     34#-- Attribute of the users email in the directory 
    2935email_attr = mail 
    30 ##### Groups 
    31 #-- where to look for groups, uses dir_basedn if not defined. 
     36 
     37#-- Base DN used for group searches 
    3238group_basedn = ou=Groups,dc=foo,dc=net 
    33 #-- expand directory groups 
    34 group_expand = 1 
    35 #-- the name of a group .. uses user_attr if not defined.  
    36 group_attr = cn 
    37 #-- which attribute to look in for members 
    38 group_member_attr = member 
    39 #-- what to look for in the member_attr 
    40 group_member_value = dn 
    41 #-- the dn of a group that has valid users, all users if not enabled 
     39#-- CN of group containing valid users. If None, any AD user is valid 
    4240group_validusers = CN=Alltechs,OU=Mail enabled groups,OU=Email,DC=serverplus,DC=com 
    43 #-- the DN for a group automagically given TRAC_ADMIN 
     41#-- CN of group containing TRAC_ADMIN users (can also assign TRAC_ADMIN to an LDAP group.) 
    4442#   if this option is enabled you must specify the UserExtensiblePermissionStore as the trac permission store, such as: 
    4543#   [trac] 
    4644#   permission_store = UserExtensiblePermissionStore 
    4745group_tracadmin = CN=Administration,DC=example,DC=com 
    48 #### Cache Tuning 
    49 #-- cached entry time to live in seconds  
     46#-- Binary: expand ldap_groups into trac groups. 
     47group_expand = 1 
     48 
     49#-- Cache timeout in seconds  
    5050cache_ttl= 90 
    51 #-- memorycache size in entries, and a highwater warning mark 
     51#-- Size of memcache in entries, zero to disable 
    5252cache_memsize = 400 
     53#-- Warning message for cache pruning in seconds 
    5354cache_memsize_warn = 300 
    54 #-- memory cache prune size in percentage 
    55 cache_memprune = 5 
    56  
    57 [trac] 
    58 permission_store = UserExtensiblePermissionStore 
    5955}}} 
    6056