Opened 18 years ago
Closed 18 years ago
#1089 closed enhancement (invalid)
LDAP password store
Reported by: | Owned by: | Matt Good | |
---|---|---|---|
Priority: | normal | Component: | AccountManagerPlugin |
Severity: | normal | Keywords: | |
Cc: | Trac Release: | 0.10 |
Description
I need to use LDAP for username/passwords.
Attachments (1)
Change History (6)
Changed 18 years ago by
Attachment: | accountmanagerplugin-ldap-1.patch added |
---|
comment:1 Changed 18 years ago by
Version 1 of this patch is a very rough implementation of an LDAP password store. It does not currently support changing passwords, deleting users, or anonymous binds. It ignores the protocol setting. Very large or slow LDAP directories will likely cause it problems. It has been only lightly tested so far.
Comments welcome. I'd like to see this (eventually) merged into AccountManagerPlugin once the quality is high enough.
comment:2 Changed 18 years ago by
What capabilities does this provide beyond the LdapPlugin?
I think it's very unlikely that changing passwords, adding users, or deleting users (which looks like the only extra capability having this in AccountManagerPlugin would provide) would be wanted from within Trac as LDAP within enterprises usually wish to limit these actions.
comment:3 Changed 18 years ago by
Use of the login form, which allows a real logout. I did not see a way to do that with LdapPlugin.
comment:4 Changed 18 years ago by
Actually, to be more precise: LdapPlugin lets you store the permissions information in LDAP, but it leaves the LDAP authenticated login to Apache. And that implies no login form, and no real logout.
You might be able to use both LdapPlugin and this patch together, but I have not tried. (You would also wind up having some duplicated config info in trac.ini.)
comment:5 Changed 18 years ago by
Resolution: | → invalid |
---|---|
Status: | new → closed |
Ahhhhh..... the undocumented HttpAuthStore will do what I want. So, I added documentation for it.
Proof-of-concept patch