[[PageOutline(2-5,Contents,pullout)]]

= LdapAuthStorePlugin =

== Description ==

The LdapAuthStorePlugin is a password store for the AccountManagerPlugin that provides authentication and group membership from an LDAP service. Users are authenticated by performing an LDAP bind against a directory using their credentials. The plugin also pulls the email address and username from the directory and populates the `session_attribute` table.

It works with current Trac (1.0.1) + LdapPlugin + AccountManagerPlugin against OpenLDAP.

== History ==

At the suggestion from comment:26:ticket:1147, k0s posted the plugin from ticket:1147 as a standalone hack.

Based on his work I have taken [http://trac-hacks.org/attachment/ticket/1600/ldap-auth-store.patch] from #1600 and merged in the session store parts of [http://trac-hacks.org/attachment/ticket/1147/ldap_store.3.py], [http://trac-hacks.org/attachment/ticket/1147/account-manager-ldap.4.patch] from #1147.

== Bugs/Feature Requests ==

Existing bugs and feature requests for LdapAuthStorePlugin are [report:9?COMPONENT=LdapAuthStorePlugin here].

If you have any issues, create a [http://trac-hacks.org/newticket?component=LdapAuthStorePlugin&owner=igoltz new ticket].

== Download ==

Download the zipped source from [download:ldapauthstoreplugin here].

== Source ==

You can check out LdapAuthStorePlugin from [http://trac-hacks.org/svn/ldapauthstoreplugin here] using Subversion, or [source:ldapauthstoreplugin browse the source] with Trac.

== Installation ==

==== Prerequisites ====

You must install AccountManagerPlugin and LdapPlugin in order to use this plugin.

==== Installation ====

Follow the Trac documentation on how [http://trac.edgewall.org/search?q=TracPlugins to install Trac plugins].

==== Configuration ====

Activate acct_mgr, ldapplugin and ldapauthstore in the `[components]` section. Define the LDAP-related config options in the LdapPlugin `[ldap]` config section.

{{{
#!ini
[trac]
...
permission_store = DefaultPermissionStore

[account-manager]
...
password_store = LdapAuthStore

[components]
acct_mgr.admin.accountmanageradminpage = enabled
acct_mgr.api.accountmanager = enabled
acct_mgr.web_ui.accountmodule = enabled
acct_mgr.web_ui.loginmodule = enabled
trac.web.auth.loginmodule = disabled
...
ldapplugin.* = enabled
ldapauthstore.* = enabled

[ldap]
# enable LDAP support for Trac
enable = true
# enable TLS support
use_tls = false
# LDAP directory host
host = localhost
# LDAP directory port (default port for LDAPS/TLS connections is 636)
port = 389
# BaseDN
basedn = dc=example,dc=com
# Relative DN for users (defaults to none)
user_rdn = ou=people
# Relative DN for group of names (defaults to none)
group_rdn = ou=groups
# objectclass for groups
groupname = groupOfNames
# dn entry in a groupname
groupmember = member
# attribute name for a group
groupattr = cn
# attribute name for a user
uidattr = uid
# attribute name to store trac permission
permattr = tracperm
# filter to search for dn with 'permattr' attributes
permfilter = objectclass=*
# time, in seconds, before a cached entry is purged out of the local cache.
cache_ttl = 900
# maximum number of entries in the cache
cache_size = 100
# whether to perform an authenticated bind for group resolution
group_bind = yes
# whether to perform an authenticated bind for permission store operations
store_bind = true
# user for authenticated connection to the LDAP directory
bind_user = cn=anonbind,dc=example,dc=com
# password for authenticated connection
bind_passwd = anonbind
# global permissions (vs. per-environment permissions)
global_perms = false
# group permissions are managed as addition/removal to the LDAP directory groups
manage_groups = true
# whether a group member contains the full dn or a simple uid
groupmemberisdn = yes
...
#
# ldapauthstore settings
#
#--- from #1147, not present in #1600
# default: basedn_filter = objectClass=*
#basedn_filter = objectClass=inetOrgPerson
#---
# default: name = name
name = cn
# default: email = email
email = mail
#--- from #1600, not present in #1147
# users must be in this group to use trac
allusers_group = tracusers
#---
}}}

== Recent Changes ==

[[ChangeLog(ldapauthstoreplugin, 3)]]

== Author/Contributors ==

'''Author:''' [wiki:k0s] [[BR]]
'''Maintainer:''' igoltz [[BR]]
'''Contributors:'''
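
A review aid for the `[ldap]` and `[components]` settings in the Configuration section above: because login is an LDAP bind with the user's own password, a few of those options decide how exposed that password is. This script is an added example, not part of the plugin; the function name `audit_trac_ini`, the set of accepted boolean spellings and the treatment of an unset `use_tls` or `allusers_group` are assumptions.

```python
import configparser

TRUTHY = {"1", "yes", "true", "on", "enabled"}  # assumed boolean spellings

# Constructed sample: the security-relevant options from the page's example.
PAGE_SAMPLE = """
[account-manager]
password_store = LdapAuthStore
[components]
acct_mgr.web_ui.loginmodule = enabled
trac.web.auth.loginmodule = disabled
[ldap]
use_tls = false
host = localhost
port = 389
bind_user = cn=anonbind,dc=example,dc=com
bind_passwd = anonbind
allusers_group = tracusers
"""

def audit_trac_ini(text):
    """Return [(section, option, finding)] for settings worth reviewing."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)

    def get(section, option, default=""):
        return cp.get(section, option, fallback=default).strip()

    findings = []
    # Without TLS the bind carries the user's password in clear text.
    # An absent use_tls is treated as off (assumption).
    if get("ldap", "use_tls").lower() not in TRUTHY:
        host = get("ldap", "host", "?")
        findings.append(("ldap", "use_tls", f"binds to {host} are not encrypted"))
    # The service account password sits in trac.ini in plain text.
    if get("ldap", "bind_passwd"):
        findings.append(("ldap", "bind_passwd",
                         "plaintext secret: restrict read access to trac.ini"))
    # The page describes allusers_group as the group users must belong to.
    if not get("ldap", "allusers_group"):
        findings.append(("ldap", "allusers_group",
                         "not set: login is not limited to one group"))
    # Trac's own login module is enabled unless explicitly disabled.
    if get("components", "trac.web.auth.loginmodule", "enabled").lower() in TRUTHY:
        findings.append(("components", "trac.web.auth.loginmodule",
                         "built-in login still active next to acct_mgr"))
    return findings

if __name__ == "__main__":
    for section, option, finding in audit_trac_ini(PAGE_SAMPLE):
        print(f"[{section}] {option}: {finding}")
```

Run against the page's sample values it reports `use_tls` and `bind_passwd`; the host is included in the first finding so a loopback-only directory can be judged differently from a remote one.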