Version 1 (modified by branson, 6 years ago) (diff)


AD Group Management

The plugin extends AD group membership into the trac namespace. This means you can specify permissions for different groups of authenticated individuals.


Any groups found under the base_dn will be expanded into the name space

  • each group will have the name normalized by changing it to lower case, and changing spaces to underscores
  • the group name will be prefixed by an @ sign

cn=Domain Users,cn=Users,dc=ad,dc=com == @domain_users

Example Configurations

For example:

@domain_users          BLOG_CREATE
@domain_users          BLOG_MODIFY_ALL
@domain_users          BLOG_MODIFY_OWN
@domain_users          BROWSER_VIEW
@domain_users          DISCUSSION_APPEND
@domain_users          MYPAGE_VIEW
@domain_users          PRIVATE_EDIT_ATOL_SECURE
@domain_users          PRIVATE_VIEW_ATOL_SECURE
@domain_users          REPORT_SQL_VIEW
@domain_users          RES_RESERVE_MODIFY
@domain_users          RES_RESERVE_VIEW
@domain_users          RIPE_EDIT
@domain_users          TICKET_ADMIN
@domain_users          TSTATS_VIEW
@domain_users          WIKI_CREATE
@domain_users          WIKI_RENAME
@domain_users          XML_RPC
@ops           XML_RPC  
@sysops        DISCUSSION_ADMIN
@sysops        RIPE_ADMIN 
@sysops        TICKET_EDIT_CC
@sysops        WIKI_DELETE
@trac_admin    TRAC_ADMIN               
  • This gives the @domain_users group from AD a specific set of perms
  • the @branch_admins are using the PrivateWiki plugin to hide their passwords
  • as are the @ops group
  • @sysops are god like.
  • @trac_admins are .. well well trac_admins ;-)