Changes between Version 15 and Version 16 of LdapPlugin


Timestamp:
Jun 20, 2006, 12:30:54 AM (18 years ago)
Author:
anonymous
Comment:

Update for release 0.4.2

  • LdapPlugin

    v15 v16  
    344344
    345345Starting from release '''v0.4.1''', the LdapPlugin permission store offers two ways to store group membership:
    346  * Permission-based management (default setting):[[BR]]
     346 1. Permission-based management (default setting):[[BR]]
    347347   In this configuration, the plugin mimics the original Trac membership management, but does not follow the LDAP way: group membership is defined as permission actions, which leads to manage permissions concurrently from the permission actions and the existing LDAP groups
    348  * Ldap group management (recommended settings):[[BR]]
    349    In this configuration, the plugin only uses the LDAP groups to manage group membership. The plugin adds or removes group members from existing LDAP groups
     348 1. Ldap group management (recommended settings):[[BR]]
     349   In this configuration, the plugin only uses the LDAP groups to manage group membership. The plugin adds or removes group members from existing LDAP groups[[BR]]
     350
     351==== Activation ====
    350352
    351353The new group management scheme can be activated using the `manage_groups` option.
     354
     355==== Example ====
     356The following permission command
     357{{{
     358permission add eblot @developers
     359}}}
     360would lead to a very modification in the LDAP directory
     361
     362 1. The ''permission-based'' setting would add a `tracperm` attribute to the user entry
     363{{{
     364# eblot, people, example.org
     365dn: uid=eblot,ou=people,dc=example.org
     366objectClass: tracuser
     367tracperm: @developers
     368...
     369}}}
     370 1. The ''LDAP group'' setting would add a new `member` attribute to the group entry
     371{{{
     372# developers, groups, example.org
     373dn: cn=developers,ou=groups,dc=example.org
     374objectClass: groupOfNames
     375objectClass: tracgroup
     376member: uid=eblot,ou=people,dc=example.org
     377...
     378}}}
    352379
    353380==== Important notes ====
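Review bot: The added sentence at v16 line 360, "would lead to a very modification in the LDAP directory", is missing a word; it presumably should read "a very different modification" depending on which of the two settings is active. In the same Example section, the `{{{` blocks at v16 lines 363 and 371 start at column 0 rather than being indented under their ` 1.` items, which is likely to end the list after each item so that both render as "1."; indenting the blocks to the item text would keep the numbering. The sample entries use `dc=example.org` as a single component while the comments read "example.org"; if the intended suffix is `dc=example,dc=org`, the `dn:` and `member:` values should say so, since readers tend to copy them. The new Activation heading also still does not show which value `manage_groups` takes or where it is set.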
     
    356383  The above point means that the Trac administrator should probably creates the users and the groups from outside the Trac administration console (or [trac:wiki:WebAdmin WebAdmin]). LdapPlugin is designed to integrate Trac with an existing LDAP directory, not to manage the directory.
    357384 1. Default LDAP group policy usually requires that each group contains at least one member. If the administrator tries to remove the last member of a LDAP group, the LdapPlugin may refuse to perform this action (depending on the LDAP server setup).
     385 1. Note that LDAP group management only deals with explicit groups, ''i.e.'' any word that starts with a `@` character. You can therefore mix aliases and LDAP directory groups:
     386   * {{{permission add eblot devteam}}} is a group alias, managed as any Trac permission
     387   * {{{permission add devteam @developers}}} is managed as a LDAP directory group (if `manage_groups` option is enabled)
    358388
    359389== Known limitations ==
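Review bot: The added note at v16 lines 385-387 says aliases and `@` groups can be mixed but does not say where each kind of membership is stored, which is what someone reviewing access from the directory side needs to know. Consider stating explicitly whether `permission add eblot devteam` leaves the `developers` group entry untouched, and what `permission add devteam @developers` writes when `manage_groups` is not enabled, so that a reader can tell which memberships are visible in the LDAP groups and which are only visible as Trac permissions. Minor wording: "a LDAP directory group" should be "an LDAP directory group", and "explicit groups" is used without being defined before the ''i.e.''.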
     
    387417 * '''v0.4.0''': Major rewrite of the LdapPlugin to support Trac trunk [trac:changeset:3419 3419], including better support for groups (user dns may be part of a different subtree than group dns, such as `ou=people` vs. `ou=groups`), improved cache management, as well as many bug fixes and code clean up.
    388418 * '''v0.4.1''': Introduce a new feature: group management is done as addition and removal to the LDAP groups of names: instead of storing groups as trac permissions (as the default permission store does), the plugin is not able to add and remove members to the LDAP group of names.
     419 * '''v0.4.2''': Fix up an important issue with the management of the caches. The plugin has also been tested with the [trac:wiki:WebAdmin WebAdmin] plugin.
    389420
    390421== Author/Contributors ==
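Review bot: The new '''v0.4.2''' entry at v16 line 419 calls the cache problem "an important issue" without describing the symptom or which releases are affected. Because the plugin acts as a permission store, the entry should say whether the faulty cache could return outdated permission or group data, and whether users of v0.4.0 and v0.4.1 need to upgrade. While editing this list, the adjacent v0.4.1 entry reads "the plugin is not able to add and remove members", which contradicts the rest of the sentence and looks like a typo for "now able".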