Changes between Version 14 and Version 15 of LdapPlugin


Timestamp:
Jun 18, 2006 7:28:19 PM (8 years ago)
Author:
eblot
Comment:

Update for release 0.4.1

  • LdapPlugin

    v14 v15  
    11= LDAP extensions = 
    22 
    3 [[PageOutline]] 
     3[[PageOutline(1-3)]] 
    44 
    55== Abstract == 
     
    1414[http://projects.edgewall.com/trac/ticket/535 Trac#535] on the official web site. 
    1515 
    16 This software is [http://trac.edgewall.com/license.html licenced] with the same  
    17 license as Trac. 
     16This plugin follows the same [http://trac.edgewall.com/license.html licence] as Trac. 
    1817 
    1918== Requirements == 
     
    3029information about plugin installation. 
    3130 
    32 === Important note === 
     31==== Important note ==== 
    3332 
    3433You need to grab a recent version of Trac from the trunk to make the Ldap permission store extension work as expected.[[BR]] 
     
    147146# global permissions (vs. per-environment permissions) 
    148147global_perms = false 
     148# group permissions are managed as addition/removal to the LDAP directory groups 
     149manage_groups = true 
    149150}}} 
    150151 
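Review bot: the sample added at v15 lines 148-149 sets `manage_groups = true` without saying that this is not the default, while the Group management section added in this same revision calls permission-based management the default setting. A reader who pastes the sample as-is switches Trac to adding and removing members in the LDAP directory groups. Suggest stating the default in the comment (the new section implies it is off), or showing the default value in the sample the way `global_perms = false` is shown just above.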
     
    340341`/var/local/trac/test` and `/var/db/test`, they are both named "test" and share the same permissions. This is a known limitation of the current implementation. 
    341342 
     343== Group management == 
     344 
     345Starting from release '''v0.4.1''', the LdapPlugin permission store offers two ways to store group membership: 
     346 * Permission-based management (default setting):[[BR]]  
     347   In this configuration, the plugin mimics the original Trac membership management, but does not follow the LDAP way: group membership is defined as permission actions, which leads to manage permissions concurrently from the permission actions and the existing LDAP groups 
     348 * Ldap group management (recommended settings):[[BR]] 
     349   In this configuration, the plugin only uses the LDAP groups to manage group membership. The plugin adds or removes group members from existing LDAP groups 
     350 
     351The new group management scheme can be activated using the `manage_groups` option. 
     352 
     353==== Important notes ==== 
     354 
     355 1. The LDAP plugin is not able to create new groups or new users from scratch. Users and groups must already exist in the LDAP directory. It would be difficult to create a new LDAP group or a new LDAP user from Trac, as the creation of a LDAP resource usually requires properties which are not made available to the LDAP plugin.[[BR]] 
     356  The above point means that the Trac administrator should probably creates the users and the groups from outside the Trac administration console (or [trac:wiki:WebAdmin WebAdmin]). LdapPlugin is designed to integrate Trac with an existing LDAP directory, not to manage the directory. 
     357 1. Default LDAP group policy usually requires that each group contains at least one member. If the administrator tries to remove the last member of a LDAP group, the LdapPlugin may refuse to perform this action (depending on the LDAP server setup). 
     358 
    342359== Known limitations == 
    343360 
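Review bot: in the "Permission-based management" bullet (v15 line 347), "which leads to manage permissions concurrently from the permission actions and the existing LDAP groups" does not say how the two sources combine when they disagree, which is what an administrator reviewing who belongs to a group needs to know; suggest stating whether membership is the union of both or whether one takes precedence. In the second important note (v15 line 357), "may refuse to perform this action" should also say how the refusal is reported to the administrator, so a failed removal is not mistaken for a successful one. Minor wording: "should probably creates" at v15 line 356 should read "should probably create", and the bullet labels mix "Ldap" and "LDAP" and "setting" and "settings".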
     
    369386 * '''v0.3.0''': Introduce per-environment permissions: permissions are defined to the current environment and do not overlap with other Trac environments using the same LDAP directory, unless the `global_perms` configuration parameters is set. 
    370387 * '''v0.4.0''': Major rewrite of the LdapPlugin to support Trac trunk [trac:changeset:3419 3419], including better support for groups (user dns may be part of a different subtree than group dns, such as `ou=people` vs. `ou=groups`), improved cache management, as well as many bug fixes and code clean up. 
     388 * '''v0.4.1''': Introduce a new feature: group management is done as addition and removal to the LDAP groups of names: instead of storing groups as trac permissions (as the default permission store does), the plugin is not able to add and remove members to the LDAP group of names. 
    371389 
    372390== Author/Contributors == 
    373391 
    374392'''Author:''' [wiki:eblot eblot] [[BR]] 
    375 '''Contributors:''' 
     393'''Contributors:''' wichert#wiggy.net 
    376394 
    377395[[TagIt(eblot,0.10,plugin)]]
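Review bot: in the v0.4.1 changelog entry (v15 line 388), "the plugin is not able to add and remove members to the LDAP group of names" contradicts the Group management section added in this revision, which says the plugin adds or removes group members from existing LDAP groups; "not" looks like a typo for "now". The entry also chains two colons in one sentence and would read better split in two. Separately, the new contributor entry "wichert#wiggy.net" (v15 line 393) is neither a wiki link like the Author line nor a plain name; worth confirming that form is intended.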