Changes between Version 6 and Version 7 of LdapPlugin

Jan 3, 2006 12:50:03 AM (9 years ago)

Add info for 0.3.0 new feature: per-environment permissions


  • LdapPlugin

    v6 v7  
    129129# password for authenticated store bind 
    130130store_passwd = 
     131# global permissions (vs. per-environment permissions) 
     132global_perms = false 
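Review bot: The comment added at line 131 of the sample configuration, "# global permissions (vs. per-environment permissions)", does not say which behaviour `true` and `false` select or which one applies when the option is omitted. The documentation added in the same change says permissions are per-environment unless `global_perms` is set, so if `false` is the default, say so in the comment (for instance "use global permissions instead of per-environment ones; default: false"). An administrator who copies only this block should be able to tell that leaving the option out keeps permissions scoped to the environment.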
    287289your LDAP directory. 
     291=== Global vs. Environment permissions === 
     293Starting from release '''v0.3.0''', permissions are not defined globally (unless `global_perms` is set in the environment configuration file), but on per-environment basis. 
     295With environment-wide permissions, it is now possible to define distinct permissions for each Trac environment (as long as their name differ) even if they access the same LDAP directory.[[BR]] 
     297The Trac LDAP permission attribute value are prefixed with the environment name.[[BR]] 
     298Using the previous example, assuming the environment name is named "test", permission attributes would become: 
     300dn: uid=courtney,dc=example,dc=org 
     301objectclass: user 
     302objectclass: trac 
     303tracperm: test:TICKET_VIEW 
     304tracperm: test:REPORT_CREATE 
     305tracperm: test:REPORT_VIEW 
     308It is still possible to use global permissions by setting in the `[ldap]` section of the environment configuration file: 
     310global_perms = true 
     313When a directory contains global permission directives, those permissions apply on every Trac environment accessing the LDAP directory, whichever the `global_perms` value. However, permissions are always created using the current environment permission setting. 
     315From the administrative point of view (`trac-admin`, [ WebAdmin], ...), there are no changes: permission are defined and retrieved as usual. 
     317''Note:'' The environment ''name'' is based on the root directory of the Trac environment. This means that if you use different environment with the same name, such as: 
     318`/var/local/trac/test` and `/var/db/test`, they are both named "test" and share the same permissions. This is a known limitation of the current implementation. 
    289320== Known limitations == 
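Review bot: The environment-name caveat at lines 317-318 affects access control but appears only as a closing ''Note:'' in the new section, while the "== Known limitations ==" section that follows directly does not mention it. Because the name is taken from the root directory, `/var/local/trac/test` and `/var/db/test` share every `test:`-prefixed `tracperm` value, so a grant made for one environment silently applies to the other. Please list this under Known limitations as well, and state that environments sharing an LDAP directory need distinct directory names. Separately, line 313 says global permission directives apply to every environment whatever `global_perms` is set to; it would help to tell administrators who want strict per-environment separation to review the un-prefixed `tracperm` values already in the directory, since those keep granting access everywhere.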
    314345 * '''v0.2.2''': Introduce support for disting DN for users and groups (implemented suggestion described in #75) 
    315346 * '''v0.2.3''': Update to support the new boolean parsing introduced in the official Trac trunk 
     347 * '''v0.3.0''': Introduce per-environment permissions: permissions are defined to the current environment and do not overlap with other Trac environments using the same LDAP directory, unless the `global_perms` configuration parameters is set. 
    317349== Author/Contributors ==
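Review bot: The v0.3.0 changelog entry at line 347 states that permissions "do not overlap with other Trac environments using the same LDAP directory" with `global_perms` as the only exception, which is stronger than what the section added in this same change documents. That section also says global permission directives in the directory apply to every environment regardless of `global_perms`, and that environments with the same directory name share permissions. Suggest qualifying the entry or pointing it at the "Global vs. Environment permissions" section so the summary does not overstate the isolation. Minor wording in the same line: "defined to the current environment" should read "defined for the current environment", and "parameters is set" should read "parameter is set".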