Changes between Version 55 and Version 56 of LdapPlugin


Ignore:
Timestamp:
Jan 31, 2012, 9:08:30 AM (3 years ago)
Author:
falkb
Comment:

Clearer structure of config part; important hint about Windows; ChangeLog macro added

Legend:

Unmodified
Added
Removed
Modified
  • LdapPlugin

    v55 v56  
    11= LDAP extensions =
    22
    3 [[PageOutline(1-3)]]
     3[[PageOutline(2-5)]]
    44
    55== Abstract ==
     
    77LDAP support with group management has been added as a Trac extension. This
    88extension enables the use of existing LDAP groups to grant permissions rather than
    9 defining permissions for every single user on the system. The latest release also
     9defining permissions for every single user on the system.
     10
     11The latest release also
    1012permits storage of permissions (both users and groups permissions) in the LDAP
    1113directory itself rather than in the SQL backend.
     
    3335==== Important note ====
    3436
    35 You need to grab a recent version of Trac from the trunk to make the (optional) Ldap permission store extension work as expected.[[BR]]
     37 1. '''You need to apply all patches mentioned in #6268 on Windows, otherwise the plugin will not work.'''
     38 1. You need to grab a recent version of Trac from the trunk to make the (optional) Ldap permission store extension work as expected.[[BR]]
    3639As the trunk API may vary without notice, the plugin may be broken if you run it with a different release.
    3740
     
    4952 * Copy the `dist/LdapPlugin-0.y.z-py2.n.egg` file in your ''plugins'' project directory.
    5053
    51 == Authentication ==
     54== Configuration ==
     55
     56You must configure 3 different places:
     57 1. '''Authentication (Apache configuration):''' Get access to the ldap server for reading out the groups
     58 2. '''Configure the plugin (section [ldap] in trac.ini):''' Get the groups by mapping the interesting part of the server's LDAP directory to this plugin
     59 3. '''Give Trac permissions to the groups (Trac web interface menu Admin):''': Map the known Trac permissions to the LDAP groups
     60 
     61=== Authentication ===
    5262
    5363LdapPlugin does '''not''' perform authentication: Apache2 does, through the HTTP
     
    6474You may find a [http://vanalboom.org/node/15 recent roundup] on the whole setup for both Apache and Trac quite helpful.
    6575
    66 === Apache 2.0 ===
     76==== Apache 2.0 ====
    6777
    6878Here is an example of a typical LDAP section of an Apache2.0 configuration file:
     
    8191}}}
    8292
    83 === Apache 2.2 ===
     93==== Apache 2.2 ====
    8494
    8595Since the mod_auth_ldap module has been superseded by the mod_authnz_ldap module for Apache 2.2, the configuration also needs a little tweaking. The above example would now look like:
     
    103113
    104114
    105 == Configuration ==
     115=== Plugin Configuration ===
    106116
    107117You need to customize the `trac.ini` file of your project, then[[BR]]
     
    193203}}}
    194204
    195 == Note ==
     205==== Note ====
    196206
    197207If you get an error message like this:
     
    203213https://trac-hacks.org/ticket/6183
    204214
    205 ==== Note about `group_rdn` and `user_rdn` ====
     215===== Note about `group_rdn` and `user_rdn` =====
    206216
    207217Starting from release '''v0.4.0''', `group_basedn` and `user_basedn` options have been superseeded with `group_rdn` and `user_rdn`.[[BR]]
     
    219229
    220230
    221 == Authenticated LDAP connections ==
     231==== Authenticated LDAP connections ====
    222232
    223233If the server requires an authenticated connection to retrieve group permissions,
     
    247257anybody.
    248258
    249 == Ldap permission store ==
     259==== Ldap permission store ====
    250260
    251261If you wish to use the LDAP permission store feature, you need to tell Trac to
     
    319329(access control lists) that manages LDAP operations on a directory.
    320330
    321 == Permissions ==
    322 
    323 Once LDAP support has been activated, you can use `trac-admin` as usual to
     331=== Permissions ===
     332
     333Once LDAP support has been activated, you can use the web interface menu item `Admin` or `trac-admin` as usual to
    324334define TracPermissions.[[BR]]
    325335However, you can now use the existing groups defined in your LDAP directory to
     
    362372your LDAP directory.
    363373
    364 ==== Group of names ====
     374===== Group of names =====
    365375
    366376There are usually two flavours to manage group permissions in LDAP:
     
    415425}}}
    416426
    417 === Global vs. Environment permissions ===
     427==== Global vs. Environment permissions ====
    418428
    419429Starting from release '''v0.3.0''', permissions are not defined globally (unless `global_perms` is set in the environment configuration file), but on per-environment basis.
     
    529539 * '''v0.7.0''': Support for Trac 0.12
    530540
     541=== Recent Changes ===
     542
     543[[ChangeLog(ldapplugin, 4)]]
     544
    531545== Author/Contributors ==
    532546