wiki:LdapPlugin/AccountManagerIntegration

Version 1 (modified by harbulot, 5 years ago) (diff)


LdapAccountManagerPasswordStore

I've tried to integrate the LdapPlugin with the AccountManagerPlugin, so as to be able to authenticate via the form provided via the account manager (instead of relying on Apache Httpd or other server authentication) and manage passwords.

The LdapAccountManagerPasswordStore in this file implements an IPasswordStore (see AccountManagerPlugin), which can currently check and set a password, and get the list of users.

This has been tested rather successfully with Trac 0.11.6, but you're going to need to apply the fix in 6183 first, and apply this patch to LdapPlugin's setup.py:

  • setup.py

    a b setup ( 
    2020    entry_points = {
    2121        'trac.plugins': [
    2222            'ldapplugin.api = ldapplugin.api',
     23            'ldapplugin.acctmgr = ldapplugin.acctmgr'
    2324        ]
    2425    }
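
Review bot: the added line 23, 'ldapplugin.acctmgr = ldapplugin.acctmgr', registers the new module unconditionally, but nothing in the visible part of setup() declares the AccountManagerPlugin dependency that the module needs for IPasswordStore. Consider tying the entry point to a setuptools extra, for example 'ldapplugin.acctmgr = ldapplugin.acctmgr [acctmgr]' with a matching extras_require entry (the extra name "acctmgr" is only a suggestion), so that installations without AccountManagerPlugin do not try to load it. A trailing comma after the new entry would also keep future additions to a one-line diff.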

(AccountManagerPlugin also needs to be installed.)

Extra notes

  • This is an early implementation; rely on it at your own risk.
  • Relying on IPasswordStore.get_users() might not be ideal for a large LDAP directory (displaying on the admin page might not be appropriate in this case). Currently, the AccountManagerPlugin preference panel relies on calling this to display the preference panel for a given user, rather than using has_user().
  • LDAP could be a good place to store the user full name and e-mail address. Unfortunately, this seems harder to hook into Trac since (at least in version 0.11), this is handled separately in the main SQL database by the core API.
  • Setting the password will currently use the {SHA} method in LDAP. Other methods could be implemented.
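
To illustrate the last note, here is an added example (not code from the LdapPlugin or the attached file) that builds an unsalted {SHA} userPassword value, builds the salted {SSHA} variant as one possible "other method", and verifies a password against either. The function names are hypothetical and the code is written for Python 3 as a stand-alone sketch.

```python
import base64
import hashlib
import hmac
import os


def ldap_sha(password):
    """Unsalted {SHA} value: base64 of the 20-byte SHA-1 digest."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def ldap_ssha(password, salt=None):
    """Salted {SSHA} value: base64 of SHA-1(password + salt) + salt."""
    if salt is None:
        salt = os.urandom(8)  # fresh random salt per password
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_password(password, stored):
    """Verify a password against a {SHA} or {SSHA} userPassword value."""
    scheme, sep, encoded = stored.partition("}")
    scheme = scheme.upper() + sep
    if scheme not in ("{SHA}", "{SSHA}"):
        return False  # unknown scheme or cleartext: reject rather than guess
    try:
        raw = base64.b64decode(encoded, validate=True)
    except (ValueError, TypeError):
        return False  # malformed base64
    if len(raw) < 20 or (scheme == "{SHA}" and len(raw) != 20):
        return False  # SHA-1 digests are 20 bytes; {SHA} carries no salt
    digest, salt = raw[:20], raw[20:]
    expected = hashlib.sha1(password.encode("utf-8") + salt).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(digest, expected)
```

With {SHA}, two users who share a password end up with identical stored values; the per-password salt in {SSHA} removes that, although both schemes still rest on a single fast SHA-1 pass.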

Author

This code was developed by Bruno Harbulot (bruno -- distributedmatter.net), based on the existing code in the LdapPlugin.
