Modify

Opened 8 years ago

Closed 5 years ago

#6508 closed defect (fixed)

UserExtensiblePermissionStore error

Reported by: anonymous Owned by: John Hampton
Priority: highest Component: DirectoryAuthPlugin
Severity: critical Keywords:
Cc: zhijiex@… Trac Release: 0.11

Description

I installed AccountManagerPlugin, LdapPlugin at trac 0.11.6. I can successfully to login Trac by AD's user and Passwd. But user store has no user info. So I installed ActiveDirectoryAuthPlugin and got a error: AttributeError: Cannot find an implementation of the "IPermissionStore" interface named "UserExtensiblePermissionStore". Please update the option trac.permission_store in trac.ini.

If I remove UserExtensiblePermissionStore from trac.ini there is no such mistake. But i can not find ActiveDirectoryAuthPlugin info from trac plugins. What should I fill in [components]

of trac.ini?

Attachments (0)

Change History (3)

comment:1 Changed 7 years ago by Christophe Drevet

I have the same error.

I'm digging into this plugin code to be able to use the UserExtensiblePermissionStore.

Since your post is 9 months old, I'm not sure if you still care about. Anyway, I managed to make it work without UserExtensiblePermissionStore (and then, without admin_group.)

Here is the content of my trac.ini :

# -*- coding: utf-8 -*-

[account-manager]
# Active Directory connection informations
ad_server = xxxxxxxxxxxxxxxx:3268
base_dn = DC=xxxx,DC=xxxx,DC=xxxx
bind_dn = xxxxxxxxxxxxxxxxxx@xxxx.xxxx.xxxx
bind_passwd = xxxxxxxxxxxxxxxxxxxxx
# Enable use of the AD plugin into account manager
password_store = ADAuthStore
# Group containing all authorized users
auth_group = CN=xxxxx,OU=xxxx,DC=xxxx,DC=xxxx,DC=xxxx


[components]
# disable HTTP authentication
trac.web.auth.loginmodule = disabled
# enable accountmanager
acct_mgr.api.accountmanager = enabled
acct_mgr.web_ui.loginmodule = enabled
# enable ActiveDirectoryAuthPlugin
tracext.adauth.auth.adauthstore = enabled

[ticket]
# liste déroulante d'utilisateurs pour l'affectation de tickets
restrict_owner = true

comment:2 Changed 7 years ago by John Hampton

Status: newassigned

OK, not entirely sure that I follow the discussion here.

To use the UserExtensiblePermissionStore, you simple enable adauth:

[components]
tracext.adauth.* = enabled

and then you set the permission_store to UserExtensiblePermissionStore:

[trac]
permission_store = UserExtensiblePermissionStore

you will also want to specify an AD group that you want to have admin access:

[account-manager]
admin_group = cn=TracAdmins,ou=Groups,dc=Example,dc=org

This the answer you're looking for?

comment:3 Changed 5 years ago by branson

Resolution: fixed
Status: assignedclosed

assume resolved .. no feedback.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain John Hampton.
The resolution will be deleted.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.