Changes between Version 5 and Version 6 of DirectoryAuthPlugin


Timestamp: Sep 18, 2012 2:50:20 PM (23 months ago)
Author: sandinak
Comment: --

  • DirectoryAuthPlugin

    v5 v6  
    1010== Description == 
    1111 
    12 The Directory Auth Plugin is a password store for the AccountManagerPlugin that provides authentication and groups from Lightweight Directory Access Protocol (LDAP) enabled service including [[http://www.openldap.org|OpenLdap]], [[http://en.wikipedia.org/wiki/Active_Directory|ActiveDirectory]] and [[en.wikipedia.org/wiki/Apple_Open_Directory|OpenDirectory]]. 
     12The Directory Auth Plugin is a password store for the AccountManagerPlugin that provides authentication and groups from [http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol Lightweight Directory Access Protocol (LDAP)] enabled service including [http://www.openldap.org OpenLdap], [http://en.wikipedia.org/wiki/Active_Directory ActiveDirectory] and [http://en.wikipedia.org/wiki/Apple_Open_Directory OpenDirectory]. 
    1313 
    1414Users are authenticated by performing an ldap_bind against a directory using their credentials.  The plugin will also pull the email address and displayName from Directory and populate the `session_attribute` table.  See [http://pacopablo.com/blog/pacopablo/blog/set-assign-to-drop-down Populating ''Assign To'' Drop Down in Trac] for more information on why.  
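
Review bot: On the added line 12, the sentence still reads "enabled service including" and labels the links "OpenLdap", "ActiveDirectory" and "OpenDirectory"; since the line is being rewritten anyway, I would make it "enabled services" and use the product names as labels ("OpenLDAP", "Active Directory", "Open Directory"), unless the CamelCase is meant to match wiki page names. Separately, unchanged line 14 says users are authenticated by an ldap_bind with their own credentials, and the Description never says which transport that bind should use; one sentence recommending an ldaps:// value for dir_uri would fit here.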
     
    2222 - Can expand directory groups into the Trac namespace 
    2323 
    24 See: [DirectoryAuthPlugin/TheoryOfOperation] for details 
     24See: [./TheoryOfOperation] 
    2525 
    2626 
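
Review bot: The new link on line 24, "See: [./TheoryOfOperation]", has no label and drops the "for details" wording, so the reader gets a bare relative path with no hint of what is behind it. Suggest giving it a label in the same [target label] form used on line 12, for example [./TheoryOfOperation Theory of Operation].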
     
    6161   1. restart the trac service or your webserver.  
    6262 
    63 == Examples == 
    64 '''NOTE: this has changed from 0.3 to 0.4!!!!''' 
     63See [./ConfigurationExamples] 
    6564 
    66 All config options go under the [account-manager] config heading.  Options for this module are: 
    67  
    68 {{{ 
    69 #!ini 
    70 [account-manager] 
    71 #--to use this module with AccountManager, ADAuthStore must be enabled inside of AccountManager 
    72 password_store = ADAuthStore 
    73 #--define the Active Directory host address here.  A port other than default(389) is set as 
    74 #  ldap://hostname:port or ldaps://hostname:port 
    75 dir_uri = ldap://adserver.example.com 
    76 #-- the Active Directory's base DN to search from, this is likely just your domain 
    77 dir_basedn = DC=example,DC=com 
    78 #-- the user/password to search the directory from, it must be a valid 
    79 dir_binddn = ldapuser@example.com 
    80 dir_bindpw = ldapuserpassword 
    81 #-- timeout for an ldap operation before in seconds 
    82 dir_timeout = 5 
    83 #-- the default charset for the ldap server 
    84 dir_charset = utf-9 
    85 ##### Userinfo 
    86 #-- the attribute containing the users login name, THIS MUST BE UNIQUE! 
    87 user_attr = sAMAccountName 
    88 #-- the attribute containing the users display name 
    89 name_attr = displayName 
    90 #-- the attribute containing the users email addy 
    91 email_attr = mail 
    92 ##### Groups 
    93 #-- where to look for groups, uses dir_basedn if not defined. 
    94 group_basedn = ou=Groups,dc=foo,dc=net 
    95 #-- expand directory groups 
    96 group_expand = 1 
    97 #-- the name of a group .. uses user_attr if not defined.  
    98 group_attr = cn 
    99 #-- which attribute to look in for members 
    100 group_member_attr = member 
    101 #-- what to look for in the member_attr 
    102 group_member_value = dn 
    103 #-- the dn of a group that has valid users, all users if not enabled 
    104 group_validusers = CN=Alltechs,OU=Mail enabled groups,OU=Email,DC=serverplus,DC=com 
    105 #-- the DN for a group automagically given TRAC_ADMIN 
    106 #   if this option is enabled you must specify the UserExtensiblePermissionStore as the trac permission store, such as: 
    107 #   [trac] 
    108 #   permission_store = UserExtensiblePermissionStore 
    109 group_tracadmin = CN=Administration,DC=example,DC=com 
    110 #### Cache Tuning 
    111 #-- cached entry time to live in seconds  
    112 cache_ttl= 90 
    113 #-- memorycache size in entries, and a highwater warning mark 
    114 cache_memsize = 400 
    115 cache_memsize_warn = 300 
    116 #-- memory cache prune size in percentage 
    117 cache_memprune = 5 
    118  
    119 [trac] 
    120 permission_store = UserExtensiblePermissionStore 
    121 }}} 
    122  
    123 If you are unsure of what the DNs for your groups are, you may want to use an LDAP browser to inspect your Active Directory schema to find out a group's DN. 
    12465 
    12566== Common Errors ==
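
Review bot: Replacing v5 lines 63-123 with a bare "See [./ConfigurationExamples]" drops two warnings that are not examples: the "NOTE: this has changed from 0.3 to 0.4!!!!" line and the comment that group_tracadmin requires "permission_store = UserExtensiblePermissionStore" under [trac]. Nothing in this diff shows them being carried over, so please confirm both are on the ConfigurationExamples page, or keep a one-line note under Examples here. If the sample block is being moved as is, fix it on the way: "dir_charset = utf-9" looks like a typo for utf-8, the DNs mix example.com with dc=foo,dc=net and DC=serverplus,DC=com, and the sample pairs dir_bindpw with "dir_uri = ldap://adserver.example.com" even though the comment above it mentions ldaps://, so the version people copy should use ldaps://.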