Changes between Version 5 and Version 6 of LdapAuthStorePlugin


Timestamp:
Aug 2, 2013, 11:59:33 AM (11 years ago)
Author:
anonymous
Comment:

--

  • LdapAuthStorePlugin

    v5 v6  
     1[[PageOutline(2-5,Contents,pullout)]]
     2
     3
    14= LdapAuthStorePlugin =
    25
     6
    37== Description ==
     8
     9The LdapAuthStorePlugin is a password store for the AccountManagerPlugin that provides authentication and group membership from an LDAP service.
     10Users are authenticated by performing an LDAP bind against a directory using their credentials. The plugin will also pull the email address and username from the directory and populate the `session_attribute` table.
     11
     12It does work with current Trac (1.0.1) + LdapPlugin + AccountManagerPlugin against OpenLDAP.
     13
     14
     15== History ==
    416
    517At the suggestion from comment:26:ticket:1147, k0s posted the plugin from ticket:1147 as a standalone hack.
    618
    719Based on his work i have taken [http://trac-hacks.org/attachment/ticket/1600/ldap-auth-store.patch] from #1600 and merged in the session store parts of [http://trac-hacks.org/attachment/ticket/1147/ldap_store.3.py], [http://trac-hacks.org/attachment/ticket/1147/account-manager-ldap.4.patch] from #1147
    8 
    9 It does work with current Trac (1.0.1) + LdapPlugin + AccountManagerPlugin against OpenLDAP.
    1020
    1121
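Review bot: The compatibility sentence moved up into Description (v6 line 12) gives a version only for Trac (1.0.1); LdapPlugin, AccountManagerPlugin and OpenLDAP are named without versions, so a reader cannot tell which combination was tested. Suggest adding the tested versions of those three next to the Trac version. Line 10 also says the plugin copies the email address and username from the directory into `session_attribute`; a short statement of when that happens (every login or first login only) would help administrators who expect local edits to persist.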
     
    1828[http://trac-hacks.org/newticket?component=LdapAuthStorePlugin&owner=igoltz new ticket].
    1929
     30
    2031== Download ==
    2132
    2233Download the zipped source from [download:ldapauthstoreplugin here].
     34
    2335
    2436== Source ==
     
    2638You can check out LdapAuthStorePlugin from [http://trac-hacks.org/svn/ldapauthstoreplugin here] using Subversion, or [source:ldapauthstoreplugin browse the source] with Trac.
    2739
     40
     41== Installation ==
     42
     43==== Prerequisites ====
     44
     45You must install AccountManagerPlugin and LdapPlugin in order to use this plugin. 
     46
     47
     48==== Installation ====
     49
     50Follow the Trac documentation on how [http://trac.edgewall.org/search?q=TracPlugins to install Trac plugins]
     51
     52
     53==== Configuration ====
     54
     55Activate acct_mgr, ldapplugin, ldapauthstore in the [components] section.
     56Define LDAP related config options in the LdapPlugin [ldap] config section.
     57
     58{{{
     59#!ini
     60[trac]
     61...
     62permission_store = DefaultPermissionStore
     63
     64
     65[account-manager]
     66...
     67password_store = LdapAuthStore
     68
     69[components]
     70acct_mgr.admin.accountmanageradminpage = enabled
     71acct_mgr.api.accountmanager = enabled
     72acct_mgr.web_ui.accountmodule = enabled
     73acct_mgr.web_ui.loginmodule = enabled
     74trac.web.auth.loginmodule = disabled
     75...
     76ldapplugin.* = enabled
     77ldapauthstore.* = enabled
     78
     79
     80[ldap]
     81# enable LDAP support for Trac
     82enable = true
     83# enable TLS support
     84use_tls = false
     85# LDAP directory host
     86host = localhost
     87# LDAP directory port (default port for LDAPS/TLS connections is 636)
     88port = 389
     89# BaseDN
     90basedn = dc=example,dc=com
     91# Relative DN for users (defaults to none)
     92user_rdn = ou=people
     93# Relative DN for group of names (defaults to none)
     94group_rdn = ou=groups
     95# objectclass for groups
     96groupname = groupOfNames
     97# dn entry in a groupname
     98groupmember = member
     99# attribute name for a group
     100groupattr = cn
     101# attribute name for a user
     102uidattr = uid
     103# attribute name to store trac permission
     104permattr = tracperm
     105# filter to search for dn with 'permattr' attributes
     106permfilter = objectclass=*
     107# time, in seconds, before a cached entry is purged out of the local cache.
     108cache_ttl = 900
     109# maximum number of entries in the cache
     110cache_size = 100
     111# whether to perform an authenticated bind for group resolution
     112group_bind = yes
     113# whether to perform an authenticated bind for permision store operations
     114store_bind = true
     115# user for authenticated connection to the LDAP directory
     116bind_user =  cn=anonbind,dc=example,dc=com
     117# password for authenticated connection
     118bind_passwd = anonbind
     119# global permissions (vs. per-environment permissions)
     120global_perms = false
     121# group permissions are managed as addition/removal to the LDAP directory groups
     122manage_groups = true
     123# whether a group member contains the full dn or a simple uid
     124groupmemberisdn = yes
     125...
     126#
     127# ldapauthstore settings
     128#
     129#--- from #1147, not present in #1600
     130# default: basedn_filter = objectClass=*
     131#basedn_filter = objectClass=inetOrgPerson
     132#---
     133# default: name = name
     134name = cn
     135# default: email = email
     136email = mail
     137#--- from #1600, not present in #1147
     138# users must be in this group to use trac
     139allusers_group = tracusers
     140#---
     141
     142}}}
     143
     144
     145
    28146== Recent Changes ==
    29147
    30148[[ChangeLog(ldapauthstoreplugin, 3)]]
     149
    31150
    32151== Author/Contributors ==
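Review bot: In the `[ldap]` sample (v6 lines 83-88) `use_tls = false` is paired with `port = 389`, while the Description says users are authenticated by an LDAP bind with their own credentials, so anyone who copies this block sends those passwords, and the `bind_passwd` service credential, to the directory unencrypted. Suggest shipping the example with `use_tls = true` and a matching port, or at least a comment that the cleartext setting is only acceptable for testing against `host = localhost`. The sample also stores `bind_passwd = anonbind` in trac.ini in clear, so a sentence on restricting read access to that file belongs beside it. Smaller points: the typo "permision" on line 113, the mixed boolean spellings (`yes` and `true`) in the same block, and the jump from `==` to `====` headings under Installation.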
     
    35154'''Maintainer:''' igoltz [[BR]]
    36155'''Contributors:'''
     156