wiki:DirectoryAuthPlugin/ConfigurationExamples

Version 3 (modified by patrick, 9 months ago)

Examples

NOTE: this has changed from 0.3 to 0.4!!!

All config options go under the [account-manager] config heading. For default values see: http://trac-hacks.org/browser/directoryauthplugin/trunk/tracext/dirauth/auth.py#L34

Options for this module are:

[account-manager]
#-- To use this module with AccountManager, DirAuthStore must be enabled inside of AccountManager
password_store = DirAuthStore

#-- Text encoding used by the LDAP or Active Directory Server
dir_charset = utf-8
#-- 0=Base, 1=OneLevel, 2=Subtree
dir_scope = 1
#-- URI of the LDAP or Active Directory Server.
#   A port other than the default (389) is set as ldap://hostname:port or ldaps://hostname:port
dir_uri = ldap://adserver.example.com
#-- DN used to bind to AD, leave blank for anonymous bind
dir_binddn = ldapuser@example.com
#-- Password used when binding to AD, leave blank for anonymous bind
dir_bindpw = ldapuserpassword
#-- LDAP response timeout in seconds
dir_timeout = 5
#-- Base DN used for account searches
dir_basedn = DC=example,DC=com

#-- Attribute of the user in the directory
user_attr = sAMAccountName
#-- Attribute of the user's name in the directory
name_attr = displayName
#-- Attribute of the user's email in the directory
email_attr = mail

#-- Base DN used for group searches
group_basedn = ou=Groups,dc=foo,dc=net
#-- DN of group containing valid users. If None, any AD user is valid
group_validusers = CN=Alltechs,OU=Mail enabled groups,OU=Email,DC=serverplus,DC=com
#-- DN of group containing TRAC_ADMIN users (can also assign TRAC_ADMIN to an LDAP group.)
#   If this option is enabled you must specify the UserExtensiblePermissionStore as the Trac permission store, such as:
#   [trac]
#   permission_store = UserExtensiblePermissionStore
group_tracadmin = CN=Administration,DC=example,DC=com
#-- Binary: expand ldap_groups into trac groups.
group_expand = 1

#-- Cache timeout in seconds
cache_ttl = 90
#-- Size of memcache in entries, zero to disable
cache_memsize = 400
#-- Warning message for cache pruning in seconds
cache_memsize_warn = 300

If you are unsure of what the DNs for your groups are, you may want to use an LDAP browser to inspect your Active Directory schema to find out a group's DN.
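
The options above interact in ways that are easy to get wrong: group_tracadmin needs the matching [trac] permission_store, an unset group_validusers admits every directory user, and the URI scheme decides whether the bind is encrypted. The following check is an added example, not part of the plugin or of this wiki page; the function name audit_dirauth, the sample file and the handling of a literal "None" as unset are assumptions made for illustration.

```python
import configparser

# Constructed sample trac.ini for the audit below (illustrative values only).
SAMPLE_INI = """\
[trac]
permission_store = DefaultPermissionStore

[account-manager]
password_store = DirAuthStore
dir_scope = 1
dir_uri = ldap://adserver.example.com
dir_binddn = ldapuser@example.com
dir_bindpw = ldapuserpassword
dir_basedn = DC=example,DC=com
group_tracadmin = CN=Administration,DC=example,DC=com
"""

def audit_dirauth(ini_text):
    """Return (option, finding) pairs for risky DirAuthStore settings."""
    cfg = configparser.ConfigParser(interpolation=None)  # passwords may contain '%'
    cfg.read_string(ini_text)
    am = cfg["account-manager"] if cfg.has_section("account-manager") else {}
    opt = lambda key: am.get(key, "").strip()
    findings = []

    stores = [s.strip() for s in opt("password_store").split(",")]
    if "DirAuthStore" not in stores:
        findings.append(("password_store", "DirAuthStore is not enabled"))
    uri = opt("dir_uri").lower()
    if uri.startswith("ldap://"):
        findings.append(("dir_uri", "ldap:// is unencrypted unless StartTLS is "
                         "negotiated; prefer ldaps://"))
    elif not uri.startswith("ldaps://"):
        findings.append(("dir_uri", "missing or unexpected URI scheme"))
    if not opt("dir_binddn") or not opt("dir_bindpw"):
        findings.append(("dir_binddn", "blank bind DN/password means anonymous bind"))
    if opt("dir_scope") not in ("0", "1", "2"):
        findings.append(("dir_scope", "must be 0 (Base), 1 (OneLevel) or 2 (Subtree)"))
    # Assumption: a literal "None" is treated the same as an unset option.
    if opt("group_validusers") in ("", "None"):
        findings.append(("group_validusers", "unset: any directory user is valid"))
    # The page requires this permission store whenever group_tracadmin is used.
    perm = cfg.get("trac", "permission_store", fallback="").strip()
    if opt("group_tracadmin") and perm != "UserExtensiblePermissionStore":
        findings.append(("group_tracadmin", "set, but [trac] permission_store is "
                         "not UserExtensiblePermissionStore"))
    return findings

if __name__ == "__main__":
    for option, finding in audit_dirauth(SAMPLE_INI):
        print(f"{option}: {finding}")
```

To check a real installation, pass the contents of its trac.ini to audit_dirauth instead of SAMPLE_INI.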