| | 1 | == Examples == |
| | 2 | '''NOTE: this has changed from 0.3 to 0.4!!!!''' |
| | 3 | |
| | 4 | All config options go under the [account-manager] config heading. Options for this module are: |
| | 5 | |
| | 6 | {{{ |
| | 7 | #!ini |
| | 8 | [account-manager] |
| | 9 | #--to use this module with AccountManager, ADAuthStore must be enabled inside of AccountManager |
| | 10 | password_store = ADAuthStore |
| | 11 | #--define the Active Directory host address here. A port other than default(389) is set as |
| | 12 | # ldap://hostname:port or ldaps://hostname:port |
| | 13 | dir_uri = ldap://adserver.example.com |
| | 14 | #-- the Active Directory's base DN to search from, this is likely just your domain |
| | 15 | dir_basedn = DC=example,DC=com |
| | 16 | #-- the user/password to search the directory from, it must be a valid |
| | 17 | dir_binddn = ldapuser@example.com |
| | 18 | dir_bindpw = ldapuserpassword |
| | 19 | #-- timeout for an ldap operation before in seconds |
| | 20 | dir_timeout = 5 |
| | 21 | #-- the default charset for the ldap server |
| | 22 | dir_charset = utf-9 |
| | 23 | ##### Userinfo |
| | 24 | #-- the attribute containing the users login name, THIS MUST BE UNIQUE! |
| | 25 | user_attr = sAMAccountName |
| | 26 | #-- the attribute containing the users display name |
| | 27 | name_attr = displayName |
| | 28 | #-- the attribute containing the users email addy |
| | 29 | email_attr = mail |
| | 30 | ##### Groups |
| | 31 | #-- where to look for groups, uses dir_basedn if not defined. |
| | 32 | group_basedn = ou=Groups,dc=foo,dc=net |
| | 33 | #-- expand directory groups |
| | 34 | group_expand = 1 |
| | 35 | #-- the name of a group .. uses user_attr if not defined. |
| | 36 | group_attr = cn |
| | 37 | #-- which attribute to look in for members |
| | 38 | group_member_attr = member |
| | 39 | #-- what to look for in the member_attr |
| | 40 | group_member_value = dn |
| | 41 | #-- the dn of a group that has valid users, all users if not enabled |
| | 42 | group_validusers = CN=Alltechs,OU=Mail enabled groups,OU=Email,DC=serverplus,DC=com |
| | 43 | #-- the DN for a group automagically given TRAC_ADMIN |
| | 44 | # if this option is enabled you must specify the UserExtensiblePermissionStore as the trac permission store, such as: |
| | 45 | # [trac] |
| | 46 | # permission_store = UserExtensiblePermissionStore |
| | 47 | group_tracadmin = CN=Administration,DC=example,DC=com |
| | 48 | #### Cache Tuning |
| | 49 | #-- cached entry time to live in seconds |
| | 50 | cache_ttl= 90 |
| | 51 | #-- memorycache size in entries, and a highwater warning mark |
| | 52 | cache_memsize = 400 |
| | 53 | cache_memsize_warn = 300 |
| | 54 | #-- memory cache prune size in percentage |
| | 55 | cache_memprune = 5 |
| | 56 | |
| | 57 | [trac] |
| | 58 | permission_store = UserExtensiblePermissionStore |
| | 59 | }}} |
| | 60 | |
| | 61 | If you are unsure of what the DNs for your groups are, you may want to use an LDAP browser to inspect your Active Directory schema to find out a group's DN. |
