Changes between Version 55 and Version 56 of LdapPlugin


Timestamp:
Jan 31, 2012 9:08:30 AM (2 years ago)
Author:
falkb
Comment:

Clearer structure of config part; important hint about Windows; ChangeLog macro added

  • LdapPlugin

    v55 v56  
    11= LDAP extensions = 
    22 
    3 [[PageOutline(1-3)]] 
     3[[PageOutline(2-5)]] 
    44 
    55== Abstract == 
     
    77LDAP support with group management has been added as a Trac extension. This 
    88extension enables the use of existing LDAP groups to grant permissions rather than  
    9 defining permissions for every single user on the system. The latest release also 
     9defining permissions for every single user on the system. 
     10 
     11The latest release also 
    1012permits storage of permissions (both users and groups permissions) in the LDAP  
    1113directory itself rather than in the SQL backend. 
     
    3335==== Important note ==== 
    3436 
    35 You need to grab a recent version of Trac from the trunk to make the (optional) Ldap permission store extension work as expected.[[BR]] 
     37 1. '''You need to apply all patches mentioned in #6268 on Windows, otherwise the plugin will not work.''' 
     38 1. You need to grab a recent version of Trac from the trunk to make the (optional) Ldap permission store extension work as expected.[[BR]] 
    3639As the trunk API may vary without notice, the plugin may be broken if you run it with a different release. 
    3740 
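Review bot: The sentence on line 39, "As the trunk API may vary without notice…", stays unindented after the new numbered list, so it is detached from item 2 (line 38), which it qualifies, and the [[BR]] at the end of that item is left dangling. Suggest indenting line 39 to continue item 2, or folding it into the item and dropping the [[BR]]. In item 1 (line 37) the placement of "on Windows" is ambiguous; leading with it ("On Windows, you need to apply all patches mentioned in #6268 …") makes clear that the requirement is limited to Windows installs.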
     
    4952 * Copy the `dist/LdapPlugin-0.y.z-py2.n.egg` file in your ''plugins'' project directory. 
    5053 
    51 == Authentication == 
     54== Configuration == 
     55 
     56You must configure 3 different places: 
     57 1. '''Authentication (Apache configuration):''' Get access to the ldap server for reading out the groups 
     58 2. '''Configure the plugin (section [ldap] in trac.ini):''' Get the groups by mapping the interesting part of the server's LDAP directory to this plugin 
     59 3. '''Give Trac permissions to the groups (Trac web interface menu Admin):''': Map the known Trac permissions to the LDAP groups 
     60  
     61=== Authentication === 
    5262 
    5363LdapPlugin does '''not''' perform authentication: Apache2 does, through the HTTP  
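Review bot: Item 1 of the new list (line 57) describes the authentication step as "Get access to the ldap server for reading out the groups", but the context line at 63 states that LdapPlugin does not perform authentication and that Apache2 does, so reading out groups belongs to step 2 rather than step 1. Suggest wording item 1 as the step in which Apache authenticates the user, and leaving group retrieval to item 2. Item 3 (line 59) also ends in a doubled colon, "):''':", of which one should be removed.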
     
    6474You may find a [http://vanalboom.org/node/15 recent roundup] on the whole setup for both Apache and Trac quite helpful. 
    6575 
    66 === Apache 2.0 === 
     76==== Apache 2.0 ==== 
    6777 
    6878Here is an example of a typical LDAP section of an Apache2.0 configuration file: 
     
    8191}}} 
    8292 
    83 === Apache 2.2 === 
     93==== Apache 2.2 ==== 
    8494 
    8595Since the mod_auth_ldap module has been superseded by the mod_authnz_ldap module for Apache 2.2, the configuration also needs a little tweaking. The above example would now look like: 
     
    103113 
    104114 
    105 == Configuration == 
     115=== Plugin Configuration === 
    106116 
    107117You need to customize the `trac.ini` file of your project, then[[BR]] 
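Review bot: Line 115 renames the old "== Configuration ==" heading to "=== Plugin Configuration ===" while line 54 introduces a new "== Configuration ==" heading further up, so a link that targeted the old section by its heading anchor would now land on the three-step overview instead of the trac.ini instructions. Worth checking inbound links to this page. The new title also differs from the label used for the same step in the overview list ("Configure the plugin"), and using one wording for both would make the mapping obvious.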
     
    193203}}} 
    194204 
    195 == Note == 
     205==== Note ==== 
    196206 
    197207If you get an error message like this: 
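Review bot: The heading on line 205 is still titled only "Note", and with the outline widened to [[PageOutline(2-5)]] in this revision it will now appear as a level-4 outline entry that tells the reader nothing about its content. Suggest naming it after the error condition it covers, since the text below it starts with "If you get an error message like this:".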
     
    203213https://trac-hacks.org/ticket/6183 
    204214 
    205 ==== Note about `group_rdn` and `user_rdn` ==== 
     215===== Note about `group_rdn` and `user_rdn` ===== 
    206216 
    207217Starting from release '''v0.4.0''', `group_basedn` and `user_basedn` options have been superseeded with `group_rdn` and `user_rdn`.[[BR]] 
     
    219229 
    220230 
    221 == Authenticated LDAP connections == 
     231==== Authenticated LDAP connections ==== 
    222232 
    223233If the server requires an authenticated connection to retrieve group permissions,  
     
    247257anybody. 
    248258 
    249 == Ldap permission store == 
     259==== Ldap permission store ==== 
    250260 
    251261If you wish to use the LDAP permission store feature, you need to tell Trac to 
     
    319329(access control lists) that manages LDAP operations on a directory. 
    320330 
    321 == Permissions == 
    322  
    323 Once LDAP support has been activated, you can use `trac-admin` as usual to  
     331=== Permissions === 
     332 
     333Once LDAP support has been activated, you can use the web interface menu item `Admin` or `trac-admin` as usual to  
    324334define TracPermissions.[[BR]] 
    325335However, you can now use the existing groups defined in your LDAP directory to  
     
    362372your LDAP directory. 
    363373 
    364 ==== Group of names ==== 
     374===== Group of names ===== 
    365375 
    366376There are usually two flavours to manage group permissions in LDAP: 
     
    415425}}} 
    416426 
    417 === Global vs. Environment permissions === 
     427==== Global vs. Environment permissions ==== 
    418428 
    419429Starting from release '''v0.3.0''', permissions are not defined globally (unless `global_perms` is set in the environment configuration file), but on per-environment basis. 
     
    529539 * '''v0.7.0''': Support for Trac 0.12 
    530540 
     541=== Recent Changes === 
     542 
     543[[ChangeLog(ldapplugin, 4)]] 
     544 
    531545== Author/Contributors == 
    532546
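Review bot: The new "=== Recent Changes ===" section (lines 541-543) directly follows the hand-maintained version list ending in "v0.7.0: Support for Trac 0.12", so the page now carries two change histories with nothing to say how they relate. Suggest a one-line introduction before [[ChangeLog(ldapplugin, 4)]] stating that it shows the latest repository changes while the list above records releases. The heading level should also be checked against the enclosing section, which is not visible in this hunk.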