Changes between Version 10 and Version 11 of DirectoryAuthPlugin/ConfigurationExamples


Ignore:
Timestamp:
Sep 6, 2017, 9:04:32 AM (4 years ago)
Author:
figaro
Comment:

Further cosmetic changes

Legend:

Unmodified
Added
Removed
Modified
  • DirectoryAuthPlugin/ConfigurationExamples

    v10 v11  
    6464If you are unsure of what the DNs for your groups are, you may want to use an LDAP browser to inspect your Active Directory schema to find out a group's DN.
    6565
    66 == Bebbo's Example config
    67 This configuration is valid for DirectoryAuthPlugin 2.1.0+
     66== Bebbo's Example configuration
    6867
    69 {{{
     68This configuration is valid for DirectoryAuthPlugin 2.1.0+:
     69
     70{{{#!ini
    7071[account-manager]
    7172# my domain
    7273dir_basedn = dc=foo,dc=bar
    7374
    74 # my system user to use the ldap directory. This system user may read the whole trac tree in the LDAP server.
     75# my system user to use the ldap directory. This system user may read the whole Trac tree in the LDAP server.
    7576dir_binddn = uid=systrac,ou=people,dc=foo,dc=bar
    7677dir_bindpw = veryVERY_S_E_C_R_E_T!1elf!
    7778
    78 # my ldap server is running on same host as trac
     79# my ldap server is running on same host as Trac
    7980dir_uri = ldap://127.0.0.1:389
    8081
     
    8889group_nameattr = dn
    8990
    90 # below here are my trac specific groups
     91# below here are my Trac specific groups
    9192group_basedn = ou=trac,ou=groups,dc=foo,dc=bar
    9293
    93 # and this is the group for all trac users
     94# and this is the group for all Trac users
    9495group_validusers = @cn=user,ou=trac,ou=groups,dc=foo,dc=bar
    95 
    96 ...
    9796
    9897[trac]
     
    103102}}}
    104103
    105 * restart trac
     104* restart Trac
    106105
    107106Now you need a LDAP user who is a uniqueMember of the validusers group cn=user,ou=trac,ou=groups,dc=foo,dc=bar. Use this user for login.
    108107
    109 If this is working, stop trac and use trac-admin to give your user admin rights:
    110 {{{
    111    trac-admin <tracinstance>
    112    permission add <username> TRAC_ADMIN
    113    quit
     108If this is working, stop Trac and use trac-admin to give your user admin rights:
     109{{{#!sh
     110trac-admin <tracinstance>
     111permission add <username> TRAC_ADMIN
     112quit
    114113}}}
    115114
    116 * restart trac
     115* restart Trac
    117116
    118 After login your user has admin rights. Assign the TRAC_ADMIN permission to the group @cn=admin,ou=trac,ou=groups,dc=foo,dc=bar to grant TRAC_ADMIN to all users in that group: Use 'grant permssion', 'Action:' "TRAC_ADMIN", 'Subject:': "@cn=admin,ou=trac,ou=groups,dc=foo,dc=bar" and click add.
    119 
    120 
    121 
    122 
     117After login your user has admin rights. Assign the TRAC_ADMIN permission to the group @cn=admin,ou=trac,ou=groups,dc=foo,dc=bar to grant administrator rights to all users in that group: Use 'grant permission', 'Action:' "TRAC_ADMIN", 'Subject:': "@cn=admin,ou=trac,ou=groups,dc=foo,dc=bar" and click add.