Changes between Version 4 and Version 5 of DirectoryAuthPlugin
Timestamp: Sep 18, 2012, 12:42:56 PM (12 years ago)
DirectoryAuthPlugin
v4 v5 10 10 == Description == 11 11 12 The Directory Auth Plugin is a password store for the AccountManagerPlugin that provides authentication and groups from Active Directory.12 The Directory Auth Plugin is a password store for the AccountManagerPlugin that provides authentication and groups from Lightweight Directory Access Protocol (LDAP) enabled service including [[http://www.openldap.org|OpenLdap]], [[http://en.wikipedia.org/wiki/Active_Directory|ActiveDirectory]] and [[en.wikipedia.org/wiki/Apple_Open_Directory|OpenDirectory]]. 13 13 14 Users are authenticated by performing an ldap_bind against a n LDAP or AD serverusing their credentials. The plugin will also pull the email address and displayName from Directory and populate the `session_attribute` table. See [http://pacopablo.com/blog/pacopablo/blog/set-assign-to-drop-down Populating ''Assign To'' Drop Down in Trac] for more information on why.14 Users are authenticated by performing an ldap_bind against a directory using their credentials. The plugin will also pull the email address and displayName from Directory and populate the `session_attribute` table. See [http://pacopablo.com/blog/pacopablo/blog/set-assign-to-drop-down Populating ''Assign To'' Drop Down in Trac] for more information on why. 15 15 16 == Groups == 17 - One can specify a group which users must be a member of in order to log in. 18 - Additionally, one may specify an ''admin'' group. If a user is a member of the ''admin'' group, then they will automatically be granted the `TRAC_ADMIN` permission. 19 - Finally, Directory groups are extended into the trac namespace. They can be used to extend permissions by group. 20 - directory groups are prefixed by @ 21 - group names are lowercase and spaces are replaced with underscores. 16 == Features == 17 - Can use a service account to do lookups, or anonymous binding 18 - Can use SSL if openssl is configured correctly ( I am working on some documentation for this ) 19 - Configurable .. 
many options to deal with the differences between directories and schema 20 - Uses both memory and db based caching to improve performance 21 - Now supports LARGE directories 22 - Can expand directory groups into the Trac namespace 22 23 23 See [DirectoryAuthPlugin/GroupManagement GroupManagement] for more details. 24 See: [DirectoryAuthPlugin/TheoryOfOperation] for details 24 25 25 == Caching ==26 Given the expense of traversing the network for authorizations, a two-stage cache has been implemented. This caches data in the database for all instances of python, and in memory for each instance; while maintaining expiration and flushing the cache(s) as necessary. See: [DirectoryAuthPlugin/CacheManagement CacheManagement] for details.27 26 28 27 == Bugs/Feature Requests ==
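Review bot: the removed Groups section was the only place stating that membership in the ''admin'' group automatically grants `TRAC_ADMIN` and that a login group can be required. The new Features list keeps only "Can expand directory groups into the Trac namespace", so an administrator reading v5 no longer sees that a directory group change can confer full Trac admin rights. Keep a one-line statement of that behaviour on this page, or confirm that [DirectoryAuthPlugin/TheoryOfOperation] covers it along with the @ prefix and lowercase/underscore naming rules, since the links to GroupManagement and CacheManagement are dropped as well. In the same list, "Can use SSL if openssl is configured correctly" presents SSL as optional and undocumented while the Description says users are authenticated by an ldap_bind with their own credentials; the bullet should say that without SSL those credentials cross the network unprotected, and name the option that enables it once the documentation exists. Finally, the new `[[en.wikipedia.org/wiki/Apple_Open_Directory|OpenDirectory]]` link lacks the `http://` scheme that the OpenLdap and ActiveDirectory links on the same line carry, and "enabled service including" should read "enabled services, including".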