Changes between Version 2 and Version 3 of DirectoryAuthPlugin/ConfigurationExamples
- Timestamp:
- Jan 6, 2014, 6:53:52 PM (10 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
DirectoryAuthPlugin/ConfigurationExamples
v2 v3 4 4 All config options go under the [account-manager] config heading. Options for this module are: 5 5 6 '''For default values see: http://trac-hacks.org/browser/directoryauthplugin/trunk/tracext/dirauth/auth.py#L34''' 7 6 8 {{{ 7 9 #!ini 8 10 [account-manager] 9 #--to use this module with AccountManager, ADAuthStore must be enabled inside of AccountManager 10 password_store = ADAuthStore 11 #--define the Active Directory host address here. A port other than default(389) is set as 12 # ldap://hostname:port or ldaps://hostname:port 11 #-- To use this module with AccountManager, DirAuthStore must be enabled inside of AccountManager 12 password_store = DirAuthStore 13 14 #-- Text encoding used by the LDAP or Active Directory Server 15 dir_charset = utf-8 16 #-- 0=Base, 1=OneLevel, 2=Subtree 17 dir_scope = 1 18 #-- URI of the LDAP or Active Directory Server. 19 # A port other than default(389) is set as ldap://hostname:port or ldaps://hostname:port 13 20 dir_uri = ldap://adserver.example.com 14 #-- the Active Directory's base DN to search from, this is likely just your domain 21 #-- DN used to bind to AD, leave blank for anonymous bind 22 dir_binddn = ldapuser@example.com 23 #-- Password used when binding to AD, leave blank for anonymous bind 24 dir_bindpw = ldapuserpassword 25 #-- LDAP response timeout in seconds 26 dir_timeout = 5 27 #-- Base DN used for account searches 15 28 dir_basedn = DC=example,DC=com 16 #-- the user/password to search the directory from, it must be a valid 17 dir_binddn = ldapuser@example.com 18 dir_bindpw = ldapuserpassword 19 #-- timeout for an ldap operation before in seconds 20 dir_timeout = 5 21 #-- the default charset for the ldap server 22 dir_charset = utf-8 23 ##### Userinfo 24 #-- the attribute containing the users login name, THIS MUST BE UNIQUE! 29 30 #-- Attribute of the user in the directory 25 31 user_attr = sAMAccountName 26 #-- the attribute containing the users display name32 #-- Attribute of the users name in the directory 27 33 name_attr = displayName 28 #-- the attribute containing the users email addy34 #-- Attribute of the users email in the directory 29 35 email_attr = mail 30 ##### Groups 31 #-- where to look for groups, uses dir_basedn if not defined.36 37 #-- Base DN used for group searches 32 38 group_basedn = ou=Groups,dc=foo,dc=net 33 #-- expand directory groups 34 group_expand = 1 35 #-- the name of a group .. uses user_attr if not defined. 36 group_attr = cn 37 #-- which attribute to look in for members 38 group_member_attr = member 39 #-- what to look for in the member_attr 40 group_member_value = dn 41 #-- the dn of a group that has valid users, all users if not enabled 39 #-- CN of group containing valid users. If None, any AD user is valid 42 40 group_validusers = CN=Alltechs,OU=Mail enabled groups,OU=Email,DC=serverplus,DC=com 43 #-- the DN for a group automagically given TRAC_ADMIN41 #-- CN of group containing TRAC_ADMIN users (can also assign TRAC_ADMIN to an LDAP group.) 44 42 # if this option is enabled you must specify the UserExtensiblePermissionStore as the trac permission store, such as: 45 43 # [trac] 46 44 # permission_store = UserExtensiblePermissionStore 47 45 group_tracadmin = CN=Administration,DC=example,DC=com 48 #### Cache Tuning 49 #-- cached entry time to live in seconds 46 #-- Binary: expand ldap_groups into trac groups. 47 group_expand = 1 48 49 #-- Cache timeout in seconds 50 50 cache_ttl= 90 51 #-- memorycache size in entries, and a highwater warning mark51 #-- Size of memcache in entries, zero to disable 52 52 cache_memsize = 400 53 #-- Warning message for cache pruning in seconds 53 54 cache_memsize_warn = 300 54 #-- memory cache prune size in percentage55 cache_memprune = 556 57 [trac]58 permission_store = UserExtensiblePermissionStore59 55 }}} 60 56