LDAP password store

[eli.carter@…]

I need to use LDAP for username/passwords.

[eli.carter@…]

Proof-of-concept patch

[eli.carter@…]

Version 1​ of this patch is a very rough implementation of an LDAP password store. It does not currently support changing passwords, deleting users, or anonymous binds. It ignores the protocol setting. Very large or slow LDAP directories will likely cause it problems. It has been only lightly tested so far.

Comments welcome. I'd like to see this (eventually) merged into AccountManagerPlugin once the quality is high enough.

[Alec Thomas]

What capabilities does this provide beyond the LdapPlugin?

I think it's very unlikely that changing passwords, adding users, or deleting users (which looks like the only extra capability having this in AccountManagerPlugin would provide) would be wanted from within Trac as LDAP within enterprises usually wish to limit these actions.

[eli.carter@…]

Use of the login form, which allows a real logout. I did not see a way to do that with LdapPlugin.

[eli.carter@…]

Actually, to be more precise: LdapPlugin lets you store the permissions information in LDAP, but it leaves the LDAP authenticated login to Apache. And that implies no login form, and no real logout.

You might be able to use both LdapPlugin and this patch together, but I have not tried. (You would also wind up having some duplicated config info in trac.ini.)

[eli.carter@…]

Ahhhhh..... the undocumented HttpAuthStore will do what I want. So, I added documentation for it.