Changes between Version 8 and Version 9 of DirectoryAuthPlugin/ConfigurationExamples

Timestamp:

Dec 10, 2016, 8:26:23 PM (7 years ago)

Author:

bebbo

Comment:

added Bebbo's example config

DirectoryAuthPlugin/ConfigurationExamples

@@ -63 +63 @@
 
 If you are unsure of what the DNs for your groups are, you may want to use an LDAP browser to inspect your Active Directory schema to find out a group's DN.
+
+== Bebbo's Example config
+
+{{{
+[account-manager]
+# my domain
+dir_basedn = dc=foo,dc=bar
+
+# my system user to use the ldap directory. This system user may read the whole trac tree in the LDAP server.
+dir_binddn = uid=systrac,ou=people,dc=foo,dc=bar
+dir_bindpw = veryVERY_S_E_C_R_E_T!1elf!
+
+# my ldap server is running on same host as trac
+dir_uri = ldap://127.0.0.1:389
+
+# I am using some 'standard' LDAP server, no Active Directory
+group_class_attr = groupOfUniqueNames
+member_attr = uniqueMember
+name_attr = displayName
+user_attr = uid
+
+# and I am using the full dn of groups
+group_nameattr = dn
+
+# below here are my trac specific groups
+group_basedn = ou=trac,ou=groups,dc=foo,dc=bar
+
+# and this is the group for all trac users
+group_validusers = @cn=user,ou=trac,ou=groups,dc=foo,dc=bar
+
+...
+
+[trac]
+...
+permission_store = UserExtensiblePermissionStore
+...
+
+}}}
+
+* restart trac
+
+Now you need a LDAP user who is a uniqueMember of the validusers group cn=user,ou=trac,ou=groups,dc=foo,dc=bar. Use this user for login.
+
+If this is working, stop trac and use trac-admin to give your user admin rights:
+{{{
+   trac-admin <tracinstance>
+   permission add <username> TRAC_ADMIN
+   quit
+}}}
+
+* restart trac
+
+After login your user has admin rights. Assign the TRAC_ADMIN permission to the group @cn=admin,ou=trac,ou=groups,dc=foo,dc=bar to grant TRAC_ADMIN to all users in that group: Use 'grant permssion', 'Action:' "TRAC_ADMIN", 'Subject:': "@cn=admin,ou=trac,ou=groups,dc=foo,dc=bar" and click add.
+
+
+
+