wiki:DirectoryAuthPlugin/ConfigurationExamples

Version 1 (modified by branson, 12 years ago)


Examples

NOTE: this has changed from 0.3 to 0.4!!!

All config options go under the [account-manager] config heading. Options for this module are:

[account-manager]
#--to use this module with AccountManager, ADAuthStore must be enabled inside of AccountManager
password_store = ADAuthStore
#--define the Active Directory host address here.  A port other than the default (389) is set as
#  ldap://hostname:port or ldaps://hostname:port
dir_uri = ldap://adserver.example.com
#-- the Active Directory's base DN to search from, this is likely just your domain
dir_basedn = DC=example,DC=com
#-- the user/password to search the directory from, it must be a valid
dir_binddn = ldapuser@example.com
dir_bindpw = ldapuserpassword
#-- timeout for an ldap operation, in seconds
dir_timeout = 5
#-- the default charset for the ldap server
dir_charset = utf-8
##### Userinfo
#-- the attribute containing the user's login name, THIS MUST BE UNIQUE!
user_attr = sAMAccountName
#-- the attribute containing the user's display name
name_attr = displayName
#-- the attribute containing the user's email addy
email_attr = mail
##### Groups
#-- where to look for groups, uses dir_basedn if not defined.
group_basedn = ou=Groups,dc=foo,dc=net
#-- expand directory groups
group_expand = 1
#-- the name of a group .. uses user_attr if not defined. 
group_attr = cn
#-- which attribute to look in for members
group_member_attr = member
#-- what to look for in the member_attr
group_member_value = dn
#-- the dn of a group that has valid users, all users if not enabled
group_validusers = CN=Alltechs,OU=Mail enabled groups,OU=Email,DC=serverplus,DC=com
#-- the DN for a group automagically given TRAC_ADMIN
#   if this option is enabled you must specify the UserExtensiblePermissionStore as the trac permission store, such as:
#   [trac]
#   permission_store = UserExtensiblePermissionStore
group_tracadmin = CN=Administration,DC=example,DC=com
#### Cache Tuning
#-- cached entry time to live in seconds 
cache_ttl = 90
#-- memorycache size in entries, and a highwater warning mark
cache_memsize = 400
cache_memsize_warn = 300
#-- memory cache prune size in percentage
cache_memprune = 5

[trac]
permission_store = UserExtensiblePermissionStore

If you are unsure of what the DNs for your groups are, you may want to use an LDAP browser to inspect your Active Directory schema to find out a group's DN.
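
An added example, not part of the plugin or of this wiki page: a small Python check that reads the [account-manager] and [trac] sections and reports settings from the list above that weaken authentication or contradict each other. The sample config is constructed, `audit` is a hypothetical helper name, and the cleartext finding assumes the plugin does not negotiate StartTLS, which this page does not mention.

```python
import codecs
import configparser

# Constructed sample config (not from a real deployment); option names are the page's.
SAMPLE = """
[account-manager]
password_store = ADAuthStore
dir_uri = ldap://adserver.example.com
dir_binddn = ldapuser@example.com
dir_bindpw = ldapuserpassword
dir_charset = utf-9
group_tracadmin = CN=Administration,DC=example,DC=com
cache_memsize = 400
cache_memsize_warn = 500
"""

def audit(text):
    """Return a list of (option, message) findings for a trac.ini fragment."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    am = cp["account-manager"] if cp.has_section("account-manager") else {}
    findings = []
    # ldap:// carries the dir_binddn/dir_bindpw bind without TLS (assumes no StartTLS).
    if am.get("dir_uri", "").lower().startswith("ldap://") and am.get("dir_bindpw"):
        findings.append(("dir_uri", "bind password sent without TLS; use ldaps://"))
    cs = am.get("dir_charset")
    if cs:
        try:
            codecs.lookup(cs)
        except LookupError:
            findings.append(("dir_charset", "unknown charset name: " + cs))
    # The page requires this permission store whenever group_tracadmin is set.
    if am.get("group_tracadmin"):
        store = cp.get("trac", "permission_store", fallback="")
        if store != "UserExtensiblePermissionStore":
            findings.append(("group_tracadmin", "needs [trac] permission_store = UserExtensiblePermissionStore"))
    # Without group_validusers the page says all users are valid.
    if not am.get("group_validusers"):
        findings.append(("group_validusers", "unset: all directory users are valid"))
    # The high-water warning only makes sense below the cache size.
    size, warn = int(am.get("cache_memsize", 0)), int(am.get("cache_memsize_warn", 0))
    if size and warn >= size:
        findings.append(("cache_memsize_warn", "warning mark is not below cache_memsize"))
    return findings

if __name__ == "__main__":
    for option, message in audit(SAMPLE):
        print(f"{option}: {message}")
```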