Changes between Version 10 and Version 11 of DirectoryAuthPlugin/ConfigurationExamples
Timestamp: Sep 6, 2017, 9:04:32 AM (8 years ago)
DirectoryAuthPlugin/ConfigurationExamples
v10 v11 64 64 If you are unsure of what the DNs for your groups are, you may want to use an LDAP browser to inspect your Active Directory schema to find out a group's DN. 65 65 66 == Bebbo's Example config 67 This configuration is valid for DirectoryAuthPlugin 2.1.0+ 66 == Bebbo's Example configuration 68 67 69 {{{ 68 This configuration is valid for DirectoryAuthPlugin 2.1.0+: 69 70 {{{#!ini 70 71 [account-manager] 71 72 # my domain 72 73 dir_basedn = dc=foo,dc=bar 73 74 74 # my system user to use the ldap directory. This system user may read the whole trac tree in the LDAP server.75 # my system user to use the ldap directory. This system user may read the whole Trac tree in the LDAP server. 75 76 dir_binddn = uid=systrac,ou=people,dc=foo,dc=bar 76 77 dir_bindpw = veryVERY_S_E_C_R_E_T!1elf! 77 78 78 # my ldap server is running on same host as trac79 # my ldap server is running on same host as Trac 79 80 dir_uri = ldap://127.0.0.1:389 80 81 … … 88 89 group_nameattr = dn 89 90 90 # below here are my trac specific groups91 # below here are my Trac specific groups 91 92 group_basedn = ou=trac,ou=groups,dc=foo,dc=bar 92 93 93 # and this is the group for all trac users94 # and this is the group for all Trac users 94 95 group_validusers = @cn=user,ou=trac,ou=groups,dc=foo,dc=bar 95 96 ...97 96 98 97 [trac] … … 103 102 }}} 104 103 105 * restart trac104 * restart Trac 106 105 107 106 Now you need a LDAP user who is a uniqueMember of the validusers group cn=user,ou=trac,ou=groups,dc=foo,dc=bar. Use this user for login. 108 107 109 If this is working, stop trac and use trac-admin to give your user admin rights:110 {{{ 111 112 113 108 If this is working, stop Trac and use trac-admin to give your user admin rights: 109 {{{#!sh 110 trac-admin <tracinstance> 111 permission add <username> TRAC_ADMIN 112 quit 114 113 }}} 115 114 116 * restart trac115 * restart Trac 117 116 118 After login your user has admin rights. 
Assign the TRAC_ADMIN permission to the group @cn=admin,ou=trac,ou=groups,dc=foo,dc=bar to grant TRAC_ADMIN to all users in that group: Use 'grant permssion', 'Action:' "TRAC_ADMIN", 'Subject:': "@cn=admin,ou=trac,ou=groups,dc=foo,dc=bar" and click add. 119 120 121 122 117 After login your user has admin rights. Assign the TRAC_ADMIN permission to the group @cn=admin,ou=trac,ou=groups,dc=foo,dc=bar to grant administrator rights to all users in that group: Use 'grant permission', 'Action:' "TRAC_ADMIN", 'Subject:': "@cn=admin,ou=trac,ou=groups,dc=foo,dc=bar" and click add.
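Review bot: In the [account-manager] block the example keeps `dir_bindpw` in clear text in the Trac configuration, directly under a comment saying the system user may read the whole Trac tree in the LDAP server, and nothing tells the reader to protect that file. Add a sentence that the file holding this section should be readable only by the account Trac runs as, and that `uid=systrac` needs read access to the directory only. The `dir_uri = ldap://127.0.0.1:389` line is unencrypted; that is reasonable here because the comment says the LDAP server is on the same host as Trac, but the comment should state that this is the reason, so the line is not copied unchanged for a directory on another host.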
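Review bot: The block under "use trac-admin to give your user admin rights" is now tagged `#!sh`, but only its first line is a shell command; `permission add <username> TRAC_ADMIN` and `quit` are entered at the trac-admin interactive prompt and will fail if pasted into a shell. Either drop the sh processor or collapse the block to the single-command form `trac-admin <tracinstance> permission add <username> TRAC_ADMIN`. In the closing paragraph, granting TRAC_ADMIN to "@cn=admin,ou=trac,ou=groups,dc=foo,dc=bar" means that whoever can edit that LDAP group controls Trac administration; one sentence saying so would help readers decide who may manage the group.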