| 1 | |
| 2 | = Theory of Operations = |
| 3 | |
| 4 | I am writing this page to help others understand the use, operations and limitations of this plugin. |
| 5 | |
| 6 | == Groups == |
| 7 | - One can specify a group which users must be a member of in order to log in. |
| 8 | - Additionally, one may specify an ''admin'' group. If a user is a member of the ''admin'' group, then they will automatically be granted the `TRAC_ADMIN` permission. |
| 9 | - Finally, Directory groups are extended into the trac namespace. They can be used to extend permissions by group. |
| 10 | - directory groups are prefixed by @ |
| 11 | - group names are lowercase and spaces are replaced with underscores. |
| 12 | |
| 13 | See [DirectoryAuthPlugin/GroupManagement GroupManagement] for more details. |
| 14 | |
| 15 | == Caching == |
| 16 | |
| 17 | Given the expense of traversing the network for authorizations, a two-stage cache has been implemented. |
| 18 | |
| 19 | 1. Data is cached into memory for quick lookups on repeat operations. |
| 20 | 1. Data is also cached in the database so that lookups can pass between instances of python w/o requiring going to the network. |
| 21 | |
| 22 | See: [DirectoryAuthPlugin/CacheManagement CacheManagement] for details. |