Modify

Opened 10 years ago

Closed 10 years ago

#1089 closed enhancement (invalid)

LDAP password store

Reported by: eli.carter@… Owned by: Matt Good
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.10

Description

I need to use LDAP for username/passwords.

Attachments (1)

accountmanagerplugin-ldap-1.patch (5.1 KB) - added by eli.carter@… 10 years ago.
Proof-of-concept patch

Download all attachments as: .zip

Change History (6)

Changed 10 years ago by eli.carter@…

Proof-of-concept patch

comment:1 Changed 10 years ago by eli.carter@…

Version 1 of this patch is a very rough implementation of an LDAP password store. It does not currently support changing passwords, deleting users, or anonymous binds. It ignores the protocol setting. Very large or slow LDAP directories will likely cause it problems. It has been only lightly tested so far.

Comments welcome. I'd like to see this (eventually) merged into AccountManagerPlugin once the quality is high enough.

comment:2 Changed 10 years ago by Alec Thomas

What capabilities does this provide beyond the LdapPlugin?

I think it's very unlikely that changing passwords, adding users, or deleting users (which looks like the only extra capability having this in AccountManagerPlugin would provide) would be wanted from within Trac as LDAP within enterprises usually wish to limit these actions.

comment:3 Changed 10 years ago by eli.carter@…

Use of the login form, which allows a real logout. I did not see a way to do that with LdapPlugin.

comment:4 Changed 10 years ago by eli.carter@…

Actually, to be more precise: LdapPlugin lets you store the permissions information in LDAP, but it leaves the LDAP authenticated login to Apache. And that implies no login form, and no real logout.

You might be able to use both LdapPlugin and this patch together, but I have not tried. (You would also wind up having some duplicated config info in trac.ini.)

comment:5 Changed 10 years ago by eli.carter@…

Resolution: invalid
Status: newclosed

Ahhhhh..... the undocumented HttpAuthStore will do what I want. So, I added documentation for it.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Matt Good.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.