Version 3 (modified by warren smith, 15 years ago)

Active Directory Auth Plugin

Description

The Active Directory Auth Plugin is a password store for the AccountManagerPlugin that provides authentication against Active Directory.

One can specify a group which users must be a member of in order to log in. Additionally, one may specify an admin group. If a user is a member of the admin group, then they will automatically be granted the TRAC_ADMIN permission.

The Active Directory Auth Plugin will also pull the email address and display name from Active Directory and populate the session_attribute table. See "Populating Assign To Drop Down in Trac" for more information on why.

Bugs/Feature Requests

Existing bugs and feature requests for ActiveDirectoryAuthPlugin are here.

If you have any issues, create a new ticket.

Download

Download the zipped source from here.

Source

You can check out ActiveDirectoryAuthPlugin from here using Subversion, or browse the source with Trac.

Install

Prerequisites

You must install AccountManagerPlugin in order to use this plugin.

Installation

Follow the Trac documentation on how to install Trac plugins.

Examples

All config options go under the [account-manager] config heading. Options for this module are:

[account-manager]
#to use this module with AccountManager, ADAuthStore must be enabled inside of AccountManager
password_store = ADAuthStore
#define the Active Directory host address here.  A port other than the default is set as
#hostname:port
ad_server = adserver.example.com
#the Active Directory base DN to search from; this is likely just your domain
base_dn = DC=example,DC=com
#the user/password used to search Active Directory; it must be a valid
#username/password inside of Active Directory.  The password is kept in clear
#text in this file, so use a dedicated account and restrict read access to trac.ini
bind_dn = ldapuser@example.com
bind_passwd = ldapuserpassword
#the DN (distinguished name) of the group that contains users who can log in to Trac.
#If this isn't specified, then any valid user in Active Directory is accepted
auth_group = CN=Alltechs,OU=Mail enabled groups,OU=Email,DC=serverplus,DC=com
#the DN of the group that contains users who should have the TRAC_ADMIN
#permission.  If this option is not given, no user groups will be given the
#TRAC_ADMIN permission.  If this option is enabled, you must specify
#UserExtensiblePermissionStore as the Trac permission store, such as:
#[trac]
#permission_store = UserExtensiblePermissionStore
admin_group = CN=Administration,DC=example,DC=com

[trac]
permission_store = UserExtensiblePermissionStore

If you are unsure of what the DNs for your groups are, you may want to download an LDAP browser to inspect your Active Directory schema to find out a group's DN.
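
The option dependencies described above can be checked before a deployment goes live. The following is an added example, not part of the plugin or the original page: the function name, finding codes and sample text are hypothetical, and the world-readable check assumes trac.ini holds bind_passwd in clear text as shown in the config.

```python
import configparser
import os
import stat
import sys

# Constructed sample: admin_group is set, auth_group and [trac] permission_store are not.
SAMPLE = """\
[account-manager]
password_store = ADAuthStore
ad_server = adserver.example.com
base_dn = DC=example,DC=com
bind_dn = ldapuser@example.com
bind_passwd = ldapuserpassword
admin_group = CN=Administration,DC=example,DC=com
"""

def audit_trac_ini(ini_text, file_mode=None):
    """Return (code, message) findings for the ADAuthStore options in trac.ini text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(ini_text)
    am = cp["account-manager"] if cp.has_section("account-manager") else {}
    trac = cp["trac"] if cp.has_section("trac") else {}
    findings = []
    stores = [s.strip() for s in am.get("password_store", "").split(",")]
    if "ADAuthStore" not in stores:
        findings.append(("store-disabled", "password_store does not list ADAuthStore"))
    if not am.get("auth_group", "").strip():
        findings.append(("open-login", "auth_group unset: any valid AD user can log in"))
    if am.get("admin_group", "").strip() and \
            trac.get("permission_store", "").strip() != "UserExtensiblePermissionStore":
        findings.append(("admin-store", "admin_group needs [trac] permission_store = "
                         "UserExtensiblePermissionStore"))
    # Assumption of this example: bind_passwd sits in clear text in the file,
    # so a world-readable trac.ini exposes the bind account.
    if am.get("bind_passwd", "") and file_mode is not None and file_mode & stat.S_IROTH:
        findings.append(("world-readable", "trac.ini holds bind_passwd and is world-readable"))
    return findings

if __name__ == "__main__":
    if len(sys.argv) > 1:          # audit a real file: python audit.py /path/to/trac.ini
        path = sys.argv[1]
        with open(path) as fh:
            results = audit_trac_ini(fh.read(), os.stat(path).st_mode)
    else:                          # no argument: audit the constructed sample
        results = audit_trac_ini(SAMPLE, 0o644)
    for code, message in results:
        print(code + ": " + message)
```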

Author/Contributors

Author: pacopablo
Contributors: