Changes between Version 6 and Version 7 of LdapPlugin


Timestamp:
Jan 3, 2006, 12:50:03 AM (9 years ago)
Author:
eblot
Comment:

Add info for 0.3.0 new feature: per-environment permissions

  • LdapPlugin

    v6 v7  
    129129# password for authenticated store bind
    130130store_passwd =
     131# global permissions (vs. per-environment permissions)
     132global_perms = false
    131133}}}
    132134
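Review bot: the comment on the added `global_perms` line (131) does not say what each value does or which one is the default. The setting decides whether a grant is scoped to one environment or applies to every environment sharing the directory, so the sample should spell that out, for example `# true: permissions are global; false: permissions are per-environment`, and state the default explicitly.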
     
    287289your LDAP directory.
    288290
     291=== Global vs. Environment permissions ===
     292
     293Starting from release '''v0.3.0''', permissions are not defined globally (unless `global_perms` is set in the environment configuration file), but on per-environment basis.
     294
     295With environment-wide permissions, it is now possible to define distinct permissions for each Trac environment (as long as their name differ) even if they access the same LDAP directory.[[BR]]
     296
     297The Trac LDAP permission attribute value are prefixed with the environment name.[[BR]]
     298Using the previous example, assuming the environment name is named "test", permission attributes would become:
     299{{{
     300dn: uid=courtney,dc=example,dc=org
     301objectclass: user
     302objectclass: trac
     303tracperm: test:TICKET_VIEW
     304tracperm: test:REPORT_CREATE
     305tracperm: test:REPORT_VIEW
     306}}}
     307
     308It is still possible to use global permissions by setting in the `[ldap]` section of the environment configuration file:
     309{{{
     310global_perms = true
     311}}}
     312
     313When a directory contains global permission directives, those permissions apply on every Trac environment accessing the LDAP directory, whichever the `global_perms` value. However, permissions are always created using the current environment permission setting.
     314
     315From the administrative point of view (`trac-admin`, [http://projects.edgewall.com/trac/wiki/WebAdmin WebAdmin], ...), there are no changes: permission are defined and retrieved as usual.
     316
     317''Note:'' The environment ''name'' is based on the root directory of the Trac environment. This means that if you use different environment with the same name, such as:
     318`/var/local/trac/test` and `/var/db/test`, they are both named "test" and share the same permissions. This is a known limitation of the current implementation.
     319
    289320== Known limitations ==
    290321
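Review bot: line 313 says global permission directives in the directory apply to every environment whatever `global_perms` is set to, but the section never says what that means for an administrator who expects isolation: `tracperm` values without an environment prefix stay effective everywhere until they are removed or re-created with the prefix. Please state that next to line 313. The same-name collision at 317-318 (`/var/local/trac/test` and `/var/db/test` sharing permissions) is called a known limitation but sits in a ''Note:'' here; it belongs under the `== Known limitations ==` heading that follows at 320. Wording nits: "their name differ" (295), "attribute value are" (297), "permission are defined" (315), "different environment" (317).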
     
    314345 * '''v0.2.2''': Introduce support for disting DN for users and groups (implemented suggestion described in #75)
    315346 * '''v0.2.3''': Update to support the new boolean parsing introduced in the official Trac trunk
     347 * '''v0.3.0''': Introduce per-environment permissions: permissions are defined to the current environment and do not overlap with other Trac environments using the same LDAP directory, unless the `global_perms` configuration parameters is set.
    316348
    317349== Author/Contributors ==
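Review bot: the 0.3.0 entry at 347 says permissions "do not overlap with other Trac environments using the same LDAP directory", which is stronger than what the section added in this same revision documents: global directives in the directory still apply to every environment (313), and environments whose root directories have the same name share permissions (317-318). Suggest qualifying the entry or pointing to the "Global vs. Environment permissions" section, and saying that per-environment is now the behaviour unless `global_perms` is set. Grammar: "configuration parameters is set" should be "configuration parameter is set".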