Changes between Version 16 and Version 17 of ActiveDirectoryAuthPlugin


Ignore:
Timestamp:
Sep 17, 2012, 7:00:15 PM (12 years ago)
Author:
branson
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • ActiveDirectoryAuthPlugin

    v16 v17  
    11[[PageOutline(2-5,Contents,pullout)]]
    22= Active Directory Auth Plugin =
     3
     4'''NOTE:''' Major changes from 0.3
     5 - conf variables are renamed for standardization
     6 - now more directory type agnostic
     7 - soon will be renamed to DirectoryAuthPlugin
    38
    49== Description ==
     
    5762
    5863== Examples ==
     64'''NOTE: this has changed from 0.3 to 0.4!!!!'''
    5965
    6066All config options go under the [account-manager] config heading.  Options for this module are:
     
    6672password_store = ADAuthStore
    6773#--define the Active Directory host address here.  A port other than default(389) is set as
    68 hostname:port
    69 ad_server = adserver.example.com
     74ldap://hostname:port or ldaps://hostname:port
     75dir_uri = ldap://adserver.example.com
    7076#-- the Active Directory's base DN to search from, this is likely just your domain
    71 base_dn = DC=example,DC=com
    72 #-- the user/password to search active directory from, it must be a valid
    73 bind_dn = ldapuser@example.com
    74 bind_passwd = ldapuserpassword
    75 #-- show disabled users
    76 #   remember users MUST have logged in to get into the session table before they
    77 #   show up. 
    78 show_disabled_users = 1
     77dir_basedn = DC=example,DC=com
     78#-- the user/password to search the directory from, it must be a valid
     79dir_binddn = ldapuser@example.com
     80dir_bindpw = ldapuserpassword
    7981#-- timeout for an ldap operation before in seconds
    80 ldap_timeout = 5
     82dir_timeout = 5
    8183#-- the default charset for the ldap server
    82 charset = utf-9
    83 #-- the DN (distinguishing name) for the group that contains users that can login to Trac
    84 #   if this isn't specified then any valid user in active directory is accepted
    85 auth_group = CN=Alltechs,OU=Mail enabled groups,OU=Email,DC=serverplus,DC=com
    86 #-- the DN for the group that contains users that should have the TRAC_ADMIN
    87 #   permission.  If this option is not given, no user groups will be give the
    88 #   TRAC_ADMIN permission.  This this option is enabled you must specify the
    89 #   UserExtensiblePermissionStore as the trac permission store, such as:
     84dir_charset = utf-9
     85##### Userinfo
     86#-- the attribute containing the users login name, THIS MUST BE UNIQUE!
     87user_attr = sAMAccountName
     88#-- the attribute containing the users display name
     89name_attr = displayName
     90#-- the attribute containing the users email addy
     91email_attr = mail
     92##### Groups
     93#-- where to look for groups, uses dir_basedn if not defined.
     94group_basedn = ou=Groups,dc=foo,dc=net
     95#-- expand directory groups
     96group_expand = 1
     97#-- the name of a group .. uses user_attr if not defined.
     98group_attr = cn
     99#-- which attribute to look in for members
     100group_member_attr = member
     101#-- what to look for in the member_attr
     102group_member_value = dn
     103#-- the dn of a group that has valid users, all users if not enabled
     104group_validusers = CN=Alltechs,OU=Mail enabled groups,OU=Email,DC=serverplus,DC=com
     105#-- the DN for a group automagically given TRAC_ADMIN
     106#   if this option is enabled you must specify the UserExtensiblePermissionStore as the trac permission store, such as:
    90107#   [trac]
    91108#   permission_store = UserExtensiblePermissionStore
    92 admin_group = CN=Administration,DC=example,DC=com
    93 #-- cached entry timeout in seconds
    94 cache_timeout = 90
    95 #-- memorycache size in entries
    96 memcache_size = 100
     109group_tracadmin = CN=Administration,DC=example,DC=com
     110#### Cache Tuning
     111#-- cached entry time to live in seconds
     112cache_ttl= 90
     113#-- memorycache size in entries, and a highwater warning mark
     114cache_memsize = 400
     115cache_memsize_warn 300
    97116#-- memory cache prune size in percentage
    98 memcache_prune_percent = 5
     117cache_memprune = 5
    99118
    100119[trac]