Changes between Version 5 and Version 6 of LdapAuthStorePlugin


Timestamp:
Aug 2, 2013 1:59:33 PM (15 months ago)
Author:
anonymous
Comment:

--

  • LdapAuthStorePlugin

    v5 v6  
     1[[PageOutline(2-5,Contents,pullout)]] 
     2 
     3 
    14= LdapAuthStorePlugin = 
    25 
     6 
    37== Description == 
     8 
     9The LdapAuthStorePlugin is a password store for the AccountManagerPlugin that provides authentication and group membership from an LDAP service. 
     10Users are authenticated by performing an LDAP bind against a directory using their credentials. The plugin will also pull the email address and username from the directory and populate the `session_attribute` table. 
     11 
     12It does work with current Trac (1.0.1) + LdapPlugin + AccountManagerPlugin against OpenLDAP. 
     13 
     14 
     15== History == 
    416 
    517At the suggestion from comment:26:ticket:1147, k0s posted the plugin from ticket:1147 as a standalone hack. 
    618 
    719Based on his work i have taken [http://trac-hacks.org/attachment/ticket/1600/ldap-auth-store.patch] from #1600 and merged in the session store parts of [http://trac-hacks.org/attachment/ticket/1147/ldap_store.3.py], [http://trac-hacks.org/attachment/ticket/1147/account-manager-ldap.4.patch] from #1147 
    8  
    9 It does work with current Trac (1.0.1) + LdapPlugin + AccountManagerPlugin against OpenLDAP. 
    1020 
    1121 
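Review bot: The compatibility sentence moved to v6 line 12 still says "current Trac (1.0.1)", which will go stale and gives no versions for LdapPlugin or AccountManagerPlugin. Suggest wording it as "Tested with Trac 1.0.1" and naming the plugin versions it was tested against. The new Description on v6 line 10 says users are authenticated by an LDAP bind with their own credentials, so it would also help to say there that the connection to the directory should be protected by TLS.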
     
    1828[http://trac-hacks.org/newticket?component=LdapAuthStorePlugin&owner=igoltz new ticket]. 
    1929 
     30 
    2031== Download == 
    2132 
    2233Download the zipped source from [download:ldapauthstoreplugin here]. 
     34 
    2335 
    2436== Source == 
     
    2638You can check out LdapAuthStorePlugin from [http://trac-hacks.org/svn/ldapauthstoreplugin here] using Subversion, or [source:ldapauthstoreplugin browse the source] with Trac. 
    2739 
     40 
     41== Installation == 
     42 
     43==== Prerequisites ==== 
     44 
     45You must install AccountManagerPlugin and LdapPlugin in order to use this plugin.   
     46 
     47 
     48==== Installation ==== 
     49 
     50Follow the Trac documentation on how [http://trac.edgewall.org/search?q=TracPlugins to install Trac plugins] 
     51 
     52 
     53==== Configuration ==== 
     54 
     55Activate acct_mgr, ldapplugin, ldapauthstore in the [components] section. 
     56Define LDAP related config options in the LdapPlugin [ldap] config section. 
     57 
     58{{{ 
     59#!ini 
     60[trac] 
     61... 
     62permission_store = DefaultPermissionStore 
     63 
     64 
     65[account-manager] 
     66... 
     67password_store = LdapAuthStore 
     68 
     69[components] 
     70acct_mgr.admin.accountmanageradminpage = enabled 
     71acct_mgr.api.accountmanager = enabled 
     72acct_mgr.web_ui.accountmodule = enabled 
     73acct_mgr.web_ui.loginmodule = enabled 
     74trac.web.auth.loginmodule = disabled 
     75... 
     76ldapplugin.* = enabled 
     77ldapauthstore.* = enabled 
     78 
     79 
     80[ldap] 
     81# enable LDAP support for Trac 
     82enable = true 
     83# enable TLS support 
     84use_tls = false 
     85# LDAP directory host 
     86host = localhost 
     87# LDAP directory port (default port for LDAPS/TLS connections is 636) 
     88port = 389 
     89# BaseDN 
     90basedn = dc=example,dc=com 
     91# Relative DN for users (defaults to none) 
     92user_rdn = ou=people 
     93# Relative DN for group of names (defaults to none) 
     94group_rdn = ou=groups 
     95# objectclass for groups 
     96groupname = groupOfNames 
     97# dn entry in a groupname 
     98groupmember = member 
     99# attribute name for a group 
     100groupattr = cn 
     101# attribute name for a user 
     102uidattr = uid 
     103# attribute name to store trac permission 
     104permattr = tracperm 
     105# filter to search for dn with 'permattr' attributes 
     106permfilter = objectclass=* 
     107# time, in seconds, before a cached entry is purged out of the local cache. 
     108cache_ttl = 900 
     109# maximum number of entries in the cache 
     110cache_size = 100 
     111# whether to perform an authenticated bind for group resolution 
     112group_bind = yes 
     113# whether to perform an authenticated bind for permision store operations 
     114store_bind = true 
     115# user for authenticated connection to the LDAP directory 
     116bind_user =  cn=anonbind,dc=example,dc=com 
     117# password for authenticated connection 
     118bind_passwd = anonbind 
     119# global permissions (vs. per-environment permissions) 
     120global_perms = false 
     121# group permissions are managed as addition/removal to the LDAP directory groups 
     122manage_groups = true 
     123# whether a group member contains the full dn or a simple uid 
     124groupmemberisdn = yes 
     125... 
     126#  
     127# ldapauthstore settings 
     128# 
     129#--- from #1147, not present in #1600  
     130# default: basedn_filter = objectClass=* 
     131#basedn_filter = objectClass=inetOrgPerson 
     132#--- 
     133# default: name = name 
     134name = cn 
     135# default: email = email 
     136email = mail 
     137#--- from #1600, not present in #1147 
     138# users must be in this group to use trac 
     139allusers_group = tracusers 
     140#--- 
     141 
     142}}} 
     143 
     144 
     145 
    28146== Recent Changes == 
    29147 
    30148[[ChangeLog(ldapauthstoreplugin, 3)]] 
     149 
    31150 
    32151== Author/Contributors == 
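Review bot: The sample `[ldap]` section on v6 lines 83-88 sets `use_tls = false` with `port = 389`, and because the Description says users are authenticated by binding with their own credentials, anyone copying this block sends user passwords and the `bind_passwd` value to the directory unencrypted. Suggest shipping the example with `use_tls = true` (the comment on line 87 already names 636 as the LDAPS/TLS port) and showing the plaintext setting only as a commented-out alternative for local testing. Since `bind_passwd` on line 118 is stored in trac.ini, a sentence on restricting read access to that file belongs next to it. Smaller points: "permision" on line 113 is a typo, the booleans mix `yes` and `true` (lines 112, 114, 124), and the headings jump from `== Installation ==` straight to `==== Prerequisites ====` with a sub-heading that repeats the name "Installation".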
     
    35154'''Maintainer:''' igoltz [[BR]] 
    36155'''Contributors:''' 
     156