Configuration examples for the DirectoryAuthPlugin

All config options go under the [account-manager] configuration heading in your trac.ini file. Options for this module are:

For default values see:

#-- To use this module with AccountManager, DirAuthStore must be enabled inside of AccountManager
password_store = DirAuthStore

#-- Text encoding used by the LDAP or Active Directory Server
dir_charset = utf-8
#-- 0=Base, 1=OneLevel, 2=Subtree
dir_scope = 1
#-- URI of the LDAP or Active Directory Server.  
#   A port other than default(389) is set as ldap://hostname:port or ldaps://hostname:port
dir_uri = ldap://
#-- DN used to bind to AD, leave blank for anonymous bind
dir_binddn =
#-- Password used when binding to AD, leave blank for anonymous bind
dir_bindpw = ldapuserpassword
#-- LDAP response timeout in seconds
dir_timeout = 5
#-- Base DN used for account searches
dir_basedn = DC=example,DC=com

#-- Attribute of the user in the directory
user_attr = sAMAccountName
#-- Attribute of the users name in the directory
name_attr = displayName
#-- Attribute of the users email in the directory
email_attr = mail

#-- Base DN used for group searches
group_basedn = OU=trac groups,OU=Email,DC=serverplus,DC=com
#-- name of group containing valid users. If None, any AD user is valid
#   with the value @alltechs and the group_basedn above, this group would work:
#   cn=alltechs,OU=trac groups,OU=Email,DC=serverplus,DC=com yields @alltechs
#   cn=alltechs,ou=boat,OU=trac groups,OU=Email,DC=serverplus,DC=com also yields @alltechs
#   the cn must be unique in the group_basedn tree!
group_validusers = @alltechs
#-- nameof group containing TRAC_ADMIN users (can also assign TRAC_ADMIN to an LDAP group.)
#   if this option is enabled you must specify the UserExtensiblePermissionStore as the trac permission store, such as:
#   [trac]
#   permission_store = UserExtensiblePermissionStore
#   using the UserExtensiblePermissionStore all groups below the group_basedn appear as groups for trac permissions
#   cn=administration,OU=trac groups,OU=Email,DC=serverplus,DC=com yields @administration
#   cn=administration,ou=submarine,OU=trac groups,OU=Email,DC=serverplus,DC=com also yields @administration
group_tracadmin = @administration
#-- Binary: expand ldap_groups into trac groups.
group_expand = 1

#-- Cache timeout in seconds 
cache_ttl= 90
#-- Size of memcache in entries, zero to disable
cache_memsize = 400
#-- Warning message for cache pruning in seconds
cache_memsize_warn = 300

If you are unsure of what the DNs for your groups are, you may want to use an LDAP browser to inspect your Active Directory schema to find out a group's DN.

Last modified 8 weeks ago Last modified on Oct 16, 2016, 6:23:44 PM