Changes between Version 6 and Version 7 of DirectoryAuthPlugin


Ignore:
Timestamp:
Sep 18, 2012, 2:58:34 PM (2 years ago)
Author:
sandinak
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • DirectoryAuthPlugin

    v6 v7  
    1414Users are authenticated by performing an ldap_bind against a directory using their credentials.  The plugin will also pull the email address and displayName from Directory and populate the `session_attribute` table.  See [http://pacopablo.com/blog/pacopablo/blog/set-assign-to-drop-down Populating ''Assign To'' Drop Down in Trac] for more information on why.
    1515
     16This plugin was built upon the excellent ActiveDirectoryAuthPlugin by pacopablo .. much thanks for the original!
     17
    1618== Features ==
    1719 - Can use a service account to do lookups, or anonymous binding
     
    2224 - Can expand directory groups into the Trac namespace
    2325
    24 See: [./TheoryOfOperation]
     26See: [DirectoryAuthPlugin/TheoryOfOperation TheoryOfOperation]
    2527
    2628
     
    4749 - You must install AccountManagerPlugin in order to use this plugin. 
    4850 - Python-LDAP is also required and can be downloaded [http://pypi.python.org/pypi/python-ldap/ here]
     51 - for SSL, you will have to install and configure OpenSSL to work with valid certificates. ( you can test using ldapsearch -Z ) 
    4952
    5053==== Installation ====
     
    6164   1. restart the trac service or your webserver.
    6265
    63 See [./ConfigurationExamples]
    64 
     66See [DirectoryAuthPlugin/ConfigurationExamples ConfigurationExamples]
    6567
    6668== Common Errors ==
     69 - When using SSL, the server won't authenticate.  Make sure you can use ldapsearch -Z with the same parameters from the same host, and resolve the issues there.  A handy way to do that is use:
     70{{{
     71joe@admin > ldapsearch -d8 -Z -x -b dc=base,dc=net -D binding@base.net -W -H ldaps://ldap.base.net -s one 'objectclass=person'
     72}}}
     73 The {{{-d8}}} should show you TLS errors.
    6774
    68 If you see Trac throwing an exception similar to "OPERATIONS_ERROR: In order to perform this operation a successful bind must be completed on the connection" when you know the bind user/pass is correct you will want to try connection to active directory on port 3268.  This may happen when AD is running across multiple machines.
     75 - If you see Trac throwing an exception similar to "OPERATIONS_ERROR: In order to perform this operation a successful bind must be completed on the connection" when you know the bind user/pass is correct you will want to try connection to active directory on port 3268.  This may happen when AD is running across multiple machines.
    6976
    7077== Recent Changes ==