| 40 | |
| 41 | == Installation == |
| 42 | |
| 43 | ==== Prerequisites ==== |
| 44 | |
| 45 | You must install AccountManagerPlugin and LdapPlugin in order to use this plugin. |
| 46 | |
| 47 | |
| 48 | ==== Installation ==== |
| 49 | |
| 50 | Follow the Trac documentation on how [http://trac.edgewall.org/search?q=TracPlugins to install Trac plugins] |
| 51 | |
| 52 | |
| 53 | ==== Configuration ==== |
| 54 | |
| 55 | Enable the acct_mgr, ldapplugin and ldapauthstore components in the [components] section. |
| 56 | Define the LDAP-related options in the LdapPlugin [ldap] config section. |
| 57 | |
| 58 | {{{ |
| 59 | #!ini |
| 60 | [trac] |
| 61 | ... |
| 62 | permission_store = DefaultPermissionStore |
| 63 | |
| 64 | |
| 65 | [account-manager] |
| 66 | ... |
| 67 | password_store = LdapAuthStore |
| 68 | |
| 69 | [components] |
| 70 | acct_mgr.admin.accountmanageradminpage = enabled |
| 71 | acct_mgr.api.accountmanager = enabled |
| 72 | acct_mgr.web_ui.accountmodule = enabled |
| 73 | acct_mgr.web_ui.loginmodule = enabled |
| 74 | trac.web.auth.loginmodule = disabled |
| 75 | ... |
| 76 | ldapplugin.* = enabled |
| 77 | ldapauthstore.* = enabled |
| 78 | |
| 79 | |
| 80 | [ldap] |
| 81 | # enable LDAP support for Trac |
| 82 | enable = true |
| 83 | # enable TLS support (when false, LDAP binds, including bind_passwd, cross the network unencrypted) |
| 84 | use_tls = false |
| 85 | # LDAP directory host |
| 86 | host = localhost |
| 87 | # LDAP directory port (default port for LDAPS/TLS connections is 636) |
| 88 | port = 389 |
| 89 | # BaseDN |
| 90 | basedn = dc=example,dc=com |
| 91 | # Relative DN for users (defaults to none) |
| 92 | user_rdn = ou=people |
| 93 | # Relative DN for group of names (defaults to none) |
| 94 | group_rdn = ou=groups |
| 95 | # objectclass for groups |
| 96 | groupname = groupOfNames |
| 97 | # dn entry in a groupname |
| 98 | groupmember = member |
| 99 | # attribute name for a group |
| 100 | groupattr = cn |
| 101 | # attribute name for a user |
| 102 | uidattr = uid |
| 103 | # attribute name to store trac permission |
| 104 | permattr = tracperm |
| 105 | # filter to search for dn with 'permattr' attributes |
| 106 | permfilter = objectclass=* |
| 107 | # time, in seconds, before a cached entry is purged out of the local cache. |
| 108 | cache_ttl = 900 |
| 109 | # maximum number of entries in the cache |
| 110 | cache_size = 100 |
| 111 | # whether to perform an authenticated bind for group resolution |
| 112 | group_bind = yes |
| 113 | # whether to perform an authenticated bind for permission store operations |
| 114 | store_bind = true |
| 115 | # user for authenticated connection to the LDAP directory |
| 116 | bind_user = cn=anonbind,dc=example,dc=com |
| 117 | # password for authenticated connection (stored in plain text in this file; restrict who can read the file) |
| 118 | bind_passwd = anonbind |
| 119 | # global permissions (vs. per-environment permissions) |
| 120 | global_perms = false |
| 121 | # group permissions are managed as addition/removal to the LDAP directory groups |
| 122 | manage_groups = true |
| 123 | # whether a group member contains the full dn or a simple uid |
| 124 | groupmemberisdn = yes |
| 125 | ... |
| 126 | # |
| 127 | # ldapauthstore settings |
| 128 | # |
| 129 | #--- from #1147, not present in #1600 |
| 130 | # default: basedn_filter = objectClass=* |
| 131 | #basedn_filter = objectClass=inetOrgPerson |
| 132 | #--- |
| 133 | # default: name = name |
| 134 | name = cn |
| 135 | # default: email = email |
| 136 | email = mail |
| 137 | #--- from #1600, not present in #1147 |
| 138 | # users must be members of this group to use Trac |
| 139 | allusers_group = tracusers |
| 140 | #--- |
| 141 | |
| 142 | }}} |
| 143 | |
| 144 | |
| 145 | |