Context Navigation

Changes between Version 2 and Version 3 of DirectoryAuthPlugin/ConfigurationExamples

Timestamp:: Jan 6, 2014, 6:53:52 PM (10 years ago)
Author:: patrick
Comment:: --

Legend:

: Unmodified
: Added
: Removed
: Modified

DirectoryAuthPlugin/ConfigurationExamples

-                      v2
+                      v3
 All config options go under the [account-manager] config heading.  Options for this module are:
+'''For default values see: http://trac-hacks.org/browser/directoryauthplugin/trunk/tracext/dirauth/auth.py#L34'''
 {{{
 #!ini
 [account-manager]
+#--to use this module with AccountManager, ADAuthStore must be enabled inside of AccountManager
+password_store = ADAuthStore
+#--define the Active Directory host address here.  A port other than default(389) is set as
+#  ldap://hostname:port or ldaps://hostname:port
+#-- To use this module with AccountManager, DirAuthStore must be enabled inside of AccountManager
+password_store = DirAuthStore
+#-- Text encoding used by the LDAP or Active Directory Server
+dir_charset = utf-8
+#-- 0=Base, 1=OneLevel, 2=Subtree
+dir_scope = 1
+#-- URI of the LDAP or Active Directory Server.
+#   A port other than default(389) is set as ldap://hostname:port or ldaps://hostname:port
 dir_uri = ldap://adserver.example.com
+#-- the Active Directory's base DN to search from, this is likely just your domain
+#-- DN used to bind to AD, leave blank for anonymous bind
+dir_binddn = ldapuser@example.com
+#-- Password used when binding to AD, leave blank for anonymous bind
+dir_bindpw = ldapuserpassword
+#-- LDAP response timeout in seconds
+dir_timeout = 5
+#-- Base DN used for account searches
 dir_basedn = DC=example,DC=com
+#-- the user/password to search the directory from, it must be a valid
+dir_binddn = ldapuser@example.com
+dir_bindpw = ldapuserpassword
+#-- timeout for an ldap operation before in seconds
+dir_timeout = 5
+#-- the default charset for the ldap server
+dir_charset = utf-8
+##### Userinfo
+#-- the attribute containing the users login name, THIS MUST BE UNIQUE!
+#-- Attribute of the user in the directory
 user_attr = sAMAccountName
 #-- the attribute containing the users display name
+#-- Attribute of the users name in the directory
 name_attr = displayName
 #-- the attribute containing the users email addy
+#-- Attribute of the users email in the directory
 email_attr = mail
+##### Groups
 #-- where to look for groups, uses dir_basedn if not defined.
+#-- Base DN used for group searches
 group_basedn = ou=Groups,dc=foo,dc=net
+#-- expand directory groups
+group_expand = 1
+#-- the name of a group .. uses user_attr if not defined.
+group_attr = cn
+#-- which attribute to look in for members
+group_member_attr = member
+#-- what to look for in the member_attr
+group_member_value = dn
+#-- the dn of a group that has valid users, all users if not enabled
+#-- CN of group containing valid users. If None, any AD user is valid
 group_validusers = CN=Alltechs,OU=Mail enabled groups,OU=Email,DC=serverplus,DC=com
 #-- the DN for a group automagically given TRAC_ADMIN
+#-- CN of group containing TRAC_ADMIN users (can also assign TRAC_ADMIN to an LDAP group.)
 #   if this option is enabled you must specify the UserExtensiblePermissionStore as the trac permission store, such as:
 #   [trac]
 #   permission_store = UserExtensiblePermissionStore
 group_tracadmin = CN=Administration,DC=example,DC=com
+#### Cache Tuning
+#-- cached entry time to live in seconds
+#-- Binary: expand ldap_groups into trac groups.
+group_expand = 1
+#-- Cache timeout in seconds
 cache_ttl= 90
 #-- memorycache size in entries, and a highwater warning mark
+#-- Size of memcache in entries, zero to disable
 cache_memsize = 400
+#-- Warning message for cache pruning in seconds
 cache_memsize_warn = 300
-#-- memory cache prune size in percentage
-cache_memprune = 5
-[trac]
-permission_store = UserExtensiblePermissionStore
 }}}