Changes between Version 6 and Version 7 of DirectoryAuthPlugin


Ignore:
Timestamp:
Sep 18, 2012 2:58:34 PM (2 years ago)
Author:
sandinak
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • DirectoryAuthPlugin

    v6 v7  
    1414Users are authenticated by performing an ldap_bind against a directory using their credentials.  The plugin will also pull the email address and displayName from Directory and populate the `session_attribute` table.  See [http://pacopablo.com/blog/pacopablo/blog/set-assign-to-drop-down Populating ''Assign To'' Drop Down in Trac] for more information on why.  
    1515 
     16This plugin was built upon the excellent ActiveDirectoryAuthPlugin by pacopablo .. much thanks for the original! 
     17 
    1618== Features == 
    1719 - Can use a service account to do lookups, or anonymous binding 
     
    2224 - Can expand directory groups into the Trac namespace 
    2325 
    24 See: [./TheoryOfOperation] 
     26See: [DirectoryAuthPlugin/TheoryOfOperation TheoryOfOperation] 
    2527 
    2628 
     
    4749 - You must install AccountManagerPlugin in order to use this plugin.   
    4850 - Python-LDAP is also required and can be downloaded [http://pypi.python.org/pypi/python-ldap/ here] 
     51 - for SSL, you will have to install and configure OpenSSL to work with valid certificates. ( you can test using ldapsearch -Z )   
    4952 
    5053==== Installation ==== 
     
    6164   1. restart the trac service or your webserver.  
    6265 
    63 See [./ConfigurationExamples] 
    64  
     66See [DirectoryAuthPlugin/ConfigurationExamples ConfigurationExamples] 
    6567 
    6668== Common Errors == 
     69 - When using SSL, the server won't authenticate.  Make sure you can use ldapsearch -Z with the same parameters from the same host, and resolve the issues there.  A handy way to do that is use: 
     70{{{ 
     71joe@admin > ldapsearch -d8 -Z -x -b dc=base,dc=net -D binding@base.net -W -H ldaps://ldap.base.net -s one 'objectclass=person'  
     72}}} 
     73 The {{{-d8}}} should show you TLS errors.  
    6774 
    68 If you see Trac throwing an exception similar to "OPERATIONS_ERROR: In order to perform this operation a successful bind must be completed on the connection" when you know the bind user/pass is correct you will want to try connection to active directory on port 3268.  This may happen when AD is running across multiple machines. 
     75 - If you see Trac throwing an exception similar to "OPERATIONS_ERROR: In order to perform this operation a successful bind must be completed on the connection" when you know the bind user/pass is correct you will want to try connection to active directory on port 3268.  This may happen when AD is running across multiple machines. 
    6976 
    7077== Recent Changes ==