Opened 10 years ago

Last modified 8 months ago

#1600 new enhancement

[patch] Add a LdapAuthStore to AccountManagerPlugin

Reported by: . Owned by:
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords: ldap authentication
Cc: ., lkraav, igoltz Trac Release: 0.11

Description

The patch provides authentication support via LDAP if AccountManagerPlugin is installed.

This allows a user to login, logout, and change their password.

No extra configuration outside of LdapPlugin (enable components, configure ldap) and AccountManagerPlugin (enable components) is required; by default, any user that is a member of the group tracusers is allowed to log in.

Attachments (2)

ldap-auth-store.patch (4.9 KB) - added by . 10 years ago.
Another iteration, listing users works, and updating the password too (if you apply #1602).
ldap_store.py (4.7 KB) - added by . 8 years ago.
attachment:ldap-auth-store.patch in non-patch form and with whitespace changes

Change History (14)

Changed 10 years ago by .

Attachment: ldap-auth-store.patch added

Another iteration, listing users works, and updating the password too (if you apply #1602).

comment:1 Changed 8 years ago by Jeff Hammel

See also #1147 and the various links from that ticket. Not sure if this is a duplicate? If this should be combined, etc.

comment:2 Changed 8 years ago by .

Cc: . added; g2p removed

Thanks k0s for putting this in version control.

Looking at some code comments in common, it seems my implementation shares some code with attachment:ticket:1147:ldap_store.py or some earlier common origin. Unfortunately I don't have VCS of that at hand.

(Aside: I think both tickets exist because this one was meant for the LdapPlugin maintainer rather than the TracAccountManager maintainer, but it turns out the former was hard to reach at that time. #1147 had two comments then.)

What follows is what I get from diffing my version of ldap_store vs the oldest one on #1147, and vs the one you kept in LdapAuthStore. I'm re-attaching ldap_store.py with minor spacing/ordering changes for easy diffing.

Compared to attachment:ticket:1147:ldap_store.py, attachment:ldap_store.py has user deletion, password change (but #1602 which makes it work in more cases has never been applied to TracAccountManager), and better authentication support in less code (by binding instead of doing case-by-case crypto by hand). My get_users implementation is configured to list the ldap group as configured in LdapPlugin. OTOH, my implementation has no caching.

Compared to source:ldapauthstoreplugin/0.11/ldapauthstore/ldap_store.py, which mostly adds more cases to the (IMHO superfluous) password handling, those differences subsist.

I'm not running Trac anymore, so I don't expect I'll bring my version up to scratch for LdapAuthStore.
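
The contrast drawn in comment:2 between checking stored hashes case by case and authenticating by bind, as an added example that is not code from the ticket's attachments or from either plugin. All function names, the sample DN and the in-memory fake directory are hypothetical and constructed so the block runs without an LDAP server; it also includes the empty-password check that bind-based authentication needs.

```python
import base64
import hashlib
import hmac


def make_ssha(password: str, salt: bytes) -> str:  # builds constructed samples
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_by_hand(stored: str, password: str) -> bool:
    """Case-by-case check; the application must be able to read the hash."""
    scheme, _, b64 = stored.partition("}")
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:
        return False
    if scheme.upper() == "{SHA":
        expected, digest = raw, hashlib.sha1(password.encode()).digest()
    elif scheme.upper() == "{SSHA":
        salted = password.encode() + raw[20:]
        expected, digest = raw[:20], hashlib.sha1(salted).digest()
    else:
        return False  # {CRYPT}, {SMD5}, ...: every scheme needs its own branch
    return hmac.compare_digest(expected, digest)


class InvalidCredentials(Exception):
    """Stand-in for the bind failure a real LDAP client raises."""


def make_fake_directory(passwords: dict):
    """Constructed in-memory stand-in for an LDAP server's simple bind."""
    def bind(dn: str, password: str) -> None:
        # Like many servers, accept an empty password as an unauthenticated bind.
        if password and passwords.get(dn) != password:
            raise InvalidCredentials(dn)
    return bind


def verify_by_bind(bind, user_dn: str, password: str) -> bool:
    # The server checks the password, whatever scheme it stores. An empty
    # password would be an unauthenticated bind (RFC 4513, 5.1.2): refuse it.
    if not user_dn or not password:
        return False
    try:
        bind(user_dn, password)
    except InvalidCredentials:
        return False
    return True
```

With a real client, `bind` would wrap the library's simple bind call and `InvalidCredentials` would be that library's own exception.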

Changed 8 years ago by .

Attachment: ldap_store.py added

attachment:ldap-auth-store.patch in non-patch form and with whitespace changes

comment:3 Changed 7 years ago by Steffen Hoffmann

Keywords: needinfo added; patch accountmanager removed
Owner: changed from g2p to Steffen Hoffmann
Summary: [PATCH] Authentication support → [patch] Add a LdapAuthStore to AccountManagerPlugin

See my comment to #1602 for a follow-up on the topic, if there is still someone interested.

comment:4 Changed 7 years ago by Steffen Hoffmann

(In [9275]) AccountManagerPlugin: Add optional attribute old_password to set_password method, closes #1602.

This is a backwards-compatible API change. It's meant to prepare for adding AuthStores, that need to know both, old and new password for password change, like the proposed LdapAuthStore, refs #1600. Unittests are added to cover the method extension as well.

comment:5 Changed 7 years ago by Steffen Hoffmann

Component: LdapPlugin → AccountManagerPlugin

Dunno, why this ticket magically changed component, but revert the invisible change anyway.

comment:6 Changed 7 years ago by matt

The timing on this is fortuitous. I was just trying to work out the surprisingly large number of modules and patches I was running on my old server to get ldap authentication working properly in preparation for a server move and this looks like it will solve all my troubles.

There's definitely still interest here at least!

comment:7 in reply to:  6 Changed 7 years ago by Steffen Hoffmann

Keywords: needinfo removed
Status: new → assigned
Trac Release: 0.10 → 0.11

Replying to matt:

[...] There's definitely still interest here at least!

I take this as a commitment to help with testing an upcoming implementation.

I've not done much on this enhancement within the last weeks, since I felt like working the list of tickets priority-wise down from the top would be a smarter approach than anything else, but this will definitely encourage me to take the time for completing the move started by the initial reporter.

As soon as I'm focusing development at this ticket, you'll see an updated patch attached here for code review prior to actual commit. My plan is to postpone setup for an own test environment dedicated to Ldap authentication, as long as I feel confidence, that you and others already have a suitable and reasonably generic test bed in place.

For now I recommend to keep an eye on recent trunk development in general, since latest and upcoming changes try to fix long-standing issues, that are most relevant to commercial and public Trac applications. And the upcoming application will be based on that code anyway.

comment:8 Changed 5 years ago by Steffen Hoffmann

(In [12398]) AccountManagerPlugin: Releasing version 0.4, pushing development to acct_mgr-0.5dev.

Availability of that code as stable release closes #874, #3459, #4677, #5295, #5691, #6616, #7577, #8076, #8685, #8770, #8791, #8990, #9052, #9079, #9090, #9139, #9246, #9252, #9547, #9618, #9676, #9843, #9852, #9940, #10023, #10028, #10123, #10142, #10204, #10276, #10397, #10412, #10594, #10625 and #10644.

Some more issues have been worked-on, yet without confirmed resolution, refs #5464 (for JiraToTracIntegration), #8927 and #10134.

And finally there are some issues and enhancement requests showing progress, but known to require more work to resolve them satisfactorily, refs #843, #1600, #5964, #8217, #8933.

Thanks to all contributors and followers, that enabled and encouraged a good portion of this development work.

comment:9 Changed 4 years ago by lkraav

Cc: lkraav added

comment:10 Changed 4 years ago by igoltz

Combined #1600 with session store part from #1147 as plugin http://trac-hacks.org/wiki/LdapAuthStorePlugin rather than patch against LdapPlugin or AccountManagerPlugin.

comment:11 Changed 4 years ago by igoltz

Cc: igoltz added

comment:12 Changed 8 months ago by Ryan J Ollos

Owner: Steffen Hoffmann deleted
Status: assigned → new
