Changes between Version 14 and Version 15 of LdapPlugin

Jun 18, 2006, 7:28:19 PM (9 years ago)

Update for release 0.4.1


  • LdapPlugin

    v14 v15  
    11= LDAP extensions =
    3 [[PageOutline]]
    55== Abstract ==
    1414[ Trac#535] on the official web site.
    16 This software is [ licenced] with the same
    17 license as Trac.
     16This plugin follows the same [ licence] as Trac.
    1918== Requirements ==
    3029information about plugin installation.
    32 === Important note ===
     31==== Important note ====
    3433You need to grab a recent version of Trac from the trunk to make the Ldap permission store extension work as expected.[[BR]]
    147146# global permissions (vs. per-environment permissions)
    148147global_perms = false
     148# group permissions are managed as addition/removal to the LDAP directory groups
     149manage_groups = true
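Review bot: the sample configuration at new line 149 sets `manage_groups = true`, while the Group management section added in this same revision labels permission-based management as the default setting, so the example shows a non-default value without saying so. The comment on new line 148 should state what the default is and that enabling the option makes Trac permission changes add and remove members in the existing LDAP directory groups, for example by pointing to the Group management section.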
    340341`/var/local/trac/test` and `/var/db/test`, they are both named "test" and share the same permissions. This is a known limitation of the current implementation.
     343== Group management ==
     345Starting from release '''v0.4.1''', the LdapPlugin permission store offers two ways to store group membership:
     346 * Permission-based management (default setting):[[BR]]
     347   In this configuration, the plugin mimics the original Trac membership management, but does not follow the LDAP way: group membership is defined as permission actions, which leads to manage permissions concurrently from the permission actions and the existing LDAP groups
     348 * Ldap group management (recommended settings):[[BR]]
     349   In this configuration, the plugin only uses the LDAP groups to manage group membership. The plugin adds or removes group members from existing LDAP groups
     351The new group management scheme can be activated using the `manage_groups` option.
     353==== Important notes ====
     355 1. The LDAP plugin is not able to create new groups or new users from scratch. Users and groups must already exist in the LDAP directory. It would be difficult to create a new LDAP group or a new LDAP user from Trac, as the creation of a LDAP resource usually requires properties which are not made available to the LDAP plugin.[[BR]]
     356  The above point means that the Trac administrator should probably creates the users and the groups from outside the Trac administration console (or [trac:wiki:WebAdmin WebAdmin]). LdapPlugin is designed to integrate Trac with an existing LDAP directory, not to manage the directory.
     357 1. Default LDAP group policy usually requires that each group contains at least one member. If the administrator tries to remove the last member of a LDAP group, the LdapPlugin may refuse to perform this action (depending on the LDAP server setup).
    342359== Known limitations ==
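Review bot: new line 351 says the scheme "can be activated using the `manage_groups` option" but gives neither the value that activates it nor the value that corresponds to the default permission-based mode; state both next to the bullets on new lines 346 and 348. The bullet on new line 347 stops at "manage permissions concurrently from the permission actions and the existing LDAP groups" without saying what goes wrong when membership is kept in two places, which is the reason the other mode is recommended and should be spelled out. Wording: "Ldap group management (recommended settings)" should match the "LDAP" spelling and the singular "setting" used on line 346, and "should probably creates" on line 356 should read "should probably create".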
    369386 * '''v0.3.0''': Introduce per-environment permissions: permissions are defined to the current environment and do not overlap with other Trac environments using the same LDAP directory, unless the `global_perms` configuration parameters is set.
    370387 * '''v0.4.0''': Major rewrite of the LdapPlugin to support Trac trunk [trac:changeset:3419 3419], including better support for groups (user dns may be part of a different subtree than group dns, such as `ou=people` vs. `ou=groups`), improved cache management, as well as many bug fixes and code clean up.
     388 * '''v0.4.1''': Introduce a new feature: group management is done as addition and removal to the LDAP groups of names: instead of storing groups as trac permissions (as the default permission store does), the plugin is not able to add and remove members to the LDAP group of names.
    372390== Author/Contributors ==
    374392'''Author:''' [wiki:eblot eblot] [[BR]]
    375 '''Contributors:'''
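Review bot: the v0.4.1 changelog entry on new line 388 says "the plugin is not able to add and remove members to the LDAP group of names", which contradicts the Group management section added in this revision ("The plugin adds or removes group members from existing LDAP groups"); this reads like "now able" mistyped as "not able" and should be corrected. The entry should also say that the behaviour is enabled through `manage_groups`, since the same revision describes permission-based management as the default.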