Changes between Version 4 and Version 5 of DirectoryAuthPlugin


Timestamp: Sep 18, 2012 2:42:56 PM (23 months ago)
Author: sandinak
Comment: --

  • DirectoryAuthPlugin

    v4 v5  
    1010== Description == 
    1111 
    12 The Directory Auth Plugin is a password store for the AccountManagerPlugin that provides authentication and groups from Active Directory.  
     12The Directory Auth Plugin is a password store for the AccountManagerPlugin that provides authentication and groups from Lightweight Directory Access Protocol (LDAP) enabled service including [[http://www.openldap.org|OpenLdap]], [[http://en.wikipedia.org/wiki/Active_Directory|ActiveDirectory]] and [[en.wikipedia.org/wiki/Apple_Open_Directory|OpenDirectory]]. 
    1313 
    14 Users are authenticated by performing an ldap_bind against an LDAP or AD server using their credentials.  The plugin will also pull the email address and displayName from Directory and populate the `session_attribute` table.  See [http://pacopablo.com/blog/pacopablo/blog/set-assign-to-drop-down Populating ''Assign To'' Drop Down in Trac] for more information on why.  
     14Users are authenticated by performing an ldap_bind against a directory using their credentials.  The plugin will also pull the email address and displayName from Directory and populate the `session_attribute` table.  See [http://pacopablo.com/blog/pacopablo/blog/set-assign-to-drop-down Populating ''Assign To'' Drop Down in Trac] for more information on why.  
    1515 
    16 == Groups ==  
    17  - One can specify a group which users must be a member of in order to log in.   
    18  - Additionally, one may specify an ''admin'' group.  If a user is a member of the ''admin'' group, then they will automatically be granted the `TRAC_ADMIN` permission. 
    19  - Finally, Directory groups are extended into the trac namespace.  They can be used to extend permissions by group. 
    20    - directory groups are prefixed by @  
    21    - group names are lowercase and spaces are replaced with underscores. 
     16== Features == 
     17 - Can use a service account to do lookups, or anonymous binding 
     18 - Can use SSL if openssl is configured correctly ( I am working on some documentation for this )  
     19 - Configurable .. many options to deal with the differences between directories and schema 
     20 - Uses both memory and db based caching to improve performance 
     21 - Now supports LARGE directories  
     22 - Can expand directory groups into the Trac namespace 
    2223 
    23  See [DirectoryAuthPlugin/GroupManagement GroupManagement] for more details. 
     24See: [DirectoryAuthPlugin/TheoryOfOperation] for details 
    2425 
    25 == Caching ==  
    26 Given the expense of traversing the network for authorizations, a two-stage cache has been implemented.  This caches data in the database for all instances of python, and in memory for each instance; while maintaining expiration and flushing the cache(s) as necessary. See: [DirectoryAuthPlugin/CacheManagement CacheManagement] for details.  
    2726 
    2827== Bugs/Feature Requests ==
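
Review bot: Removing the v4 "== Groups ==" section (old lines 16-21) drops the only statement on this page that membership in the admin group automatically grants `TRAC_ADMIN` and that login can be restricted to members of a required group; the v5 Features list keeps only "Can expand directory groups into the Trac namespace". Because that mapping turns a directory group membership into Trac administrator rights, keep a one-line summary of it on this page, or confirm that [DirectoryAuthPlugin/TheoryOfOperation] covers it, and keep the GroupManagement link if that page still exists. The same applies to the removed "== Caching ==" section: the statement that cached authorizations are expired and flushed is what an administrator needs in order to judge how long a changed group membership may keep taking effect, and the new bullet "Uses both memory and db based caching to improve performance" no longer says it. In new line 12, the OpenDirectory link `[[en.wikipedia.org/wiki/Apple_Open_Directory|OpenDirectory]]` lacks the `http://` scheme that the other two links carry, and "enabled service" should read "enabled services". The SSL bullet in new line 18 would also be more useful if it stated whether binds made with user credentials are protected when SSL is not configured.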