| 65 | |
| 66 | == Bebbo's Example config |
| 67 | |
| 68 | {{{ |
| 69 | [account-manager] |
| 70 | # my domain |
| 71 | dir_basedn = dc=foo,dc=bar |
| 72 | |
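| 73 | # my system user for binding to the LDAP directory. This system user may read the whole trac tree in the LDAP server; give it read-only access and nothing more, because dir_bindpw below is stored in clear text and this config file should be readable only by the account that runs trac. |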
| 74 | dir_binddn = uid=systrac,ou=people,dc=foo,dc=bar |
| 75 | dir_bindpw = veryVERY_S_E_C_R_E_T!1elf! |
| 76 | |
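| 77 | # my ldap server is running on the same host as trac, so plain ldap:// over loopback is used here; if the server is on another host, the bind password and user logins cross the network unencrypted unless the connection is protected with TLS (e.g. an ldaps:// URI, if your setup supports it) |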
| 78 | dir_uri = ldap://127.0.0.1:389 |
| 79 | |
| 80 | # I am using a 'standard' LDAP server, not Active Directory |
| 81 | group_class_attr = groupOfUniqueNames |
| 82 | member_attr = uniqueMember |
| 83 | name_attr = displayName |
| 84 | user_attr = uid |
| 85 | |
| 86 | # and I am using the full dn of groups |
| 87 | group_nameattr = dn |
| 88 | |
| 89 | # below here are my trac specific groups |
| 90 | group_basedn = ou=trac,ou=groups,dc=foo,dc=bar |
| 91 | |
| 92 | # and this is the group for all trac users |
| 93 | group_validusers = @cn=user,ou=trac,ou=groups,dc=foo,dc=bar |
| 94 | |
| 95 | ... |
| 96 | |
| 97 | [trac] |
| 98 | ... |
| 99 | permission_store = UserExtensiblePermissionStore |
| 100 | ... |
| 101 | |
| 102 | }}} |
| 103 | |
| 104 | * restart trac |
| 105 | |
| 106 | Now you need an LDAP user who is a uniqueMember of the validusers group cn=user,ou=trac,ou=groups,dc=foo,dc=bar. Log in as this user. |
| 107 | |
| 108 | If this is working, stop trac and use trac-admin to give your user admin rights: |
| 109 | {{{ |
| 110 | trac-admin <tracinstance> |
| 111 | permission add <username> TRAC_ADMIN |
| 112 | quit |
| 113 | }}} |
| 114 | |
| 115 | * restart trac |
| 116 | |
| 117 | After login your user has admin rights. Assign the TRAC_ADMIN permission to the group @cn=admin,ou=trac,ou=groups,dc=foo,dc=bar to grant TRAC_ADMIN to all users in that group: use 'grant permission', 'Action:' "TRAC_ADMIN", 'Subject:' "@cn=admin,ou=trac,ou=groups,dc=foo,dc=bar" and click add. From then on, anyone who can edit that group's membership in LDAP can hand out Trac admin rights, so restrict write access to that group entry. |
| 118 | |
| 119 | |
| 120 | |
| 121 | |