Changes between Version 1 and Version 2 of DirectoryAuthPlugin/GroupManagement


Timestamp: Mar 22, 2015, 11:39:53 AM (9 years ago)
Author: figaro
Comment: Cosmetic changes

  • DirectoryAuthPlugin/GroupManagement

    v1 v2  
    1 [[PageOutline]]
    2 = AD Group Management =
     1[[PageOutline(2-5,Contents,pullout)]]
    32
    4 The plugin extends Directory group membership into the trac namespace.  This means you can specify permissions for different groups of authenticated individuals.
     3= ActiveDirectory Group Management
    54
    6 == Theory ==
    7  LDAP maintains groups by defining the objectClass, and usually contains member or memberUID as the identifier for each person in a group.  When a request for a group, as defined in the permissions, is searched, the group is expanded to the members.  It's then used to match.
     5The plugin extends ActiveDirectory group membership into the Trac namespace. This means you can specify permissions for different groups of authenticated individuals.
    86
    9 == Usage ==
     7== Theory
    108
    11  1. create the groups in the directory you'd like ( say cn=Staff,dc=home,dc=net )
    12  2. add users to the groups
    13  3. goto Admin -> Permissions and create a group by adding permissions to the group name as defined below. Ao for example use Grant Permission with
    14     Subject: @staff
    15     Permission: WIKI_EDIT
     9LDAP maintains groups by defining the objectClass, and usually contains member or memberUID as the identifier for each person in a group. When a request for a group, as defined in the permissions, is searched, the group is expanded to the members. It's then used to match.
    1610
    17 '''NOTE:''' groups will NOT show up per user until they're defined from the Permissions page.
    18 == Validation ==
    19  To validate users, you'll need to login wiht perms to the TRAC_HOME directory .. and then use
     11== Usage
     12
     13 1. Create the groups in the directory you would like, for example: cn=Staff,dc=home,dc=net.
     14 2. Add users to the groups.
     15 3. Go to Admin -> Permissions and create a group by adding permissions to the group name as defined below. For example use Grant Permission with
     16  * Subject: @staff
     17  * Permission: WIKI_EDIT
     18
     19'''Note:''' groups will NOT show up per user until they're defined from the Permissions page.
     20
     21== Validation
     22
     23To validate users, you will need to login with permissions to the TRAC_HOME directory, and then use:
    2024{{{
    21  me@here > sudo trac-admin /var/trac/mytrac permission list {user}
     25sudo trac-admin /var/trac/mytrac permission list {user}
    2226}}}
    2327
    24 == Configuration ==
     28== Configuration
    2529
    26  Any groups found under the base_dn will be expanded into the name space
     30Any groups found under the base_dn will be expanded into the name space:
    2731 - each group will have the name normalized by changing it to lower case, and changing spaces to underscores
    28  - the group name will be prefixed by an @ sign
     32 - the group name will be prefixed by an `@` sign:
    2933
    3034   {{{cn=Domain Users,cn=Users,dc=ad,dc=com}}} == @domain_users
    31 == Example Configurations ==
     35
     36== Example Configurations
     37
    3238For example:
    3339{{{
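Review bot: The normalization rule on new lines 31-32 (lower-case the name, replace spaces with underscores, prefix with `@`) does not say what happens when two directory groups map to the same Trac name. The example on line 34 shows only the CN surviving, so `cn=Domain Users` and a group literally named `domain_users`, or same-named groups in different containers under the base_dn, would both become `@domain_users` and receive whatever is granted to that subject. Please document whether that is intended, or add a sentence telling admins to keep group CNs unique under the base_dn. Separately, the comment says "Cosmetic changes", but new lines 3 and 5 narrow "Directory" to "ActiveDirectory" while the Theory paragraph on line 9 still describes generic LDAP `member`/`memberUID` groups, so the scope the page claims should be made consistent.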
     
    6066}}}
    6167
    62  - This gives the @domain_users group from AD a specific set of perms
    63  - the @branch_admins are using the PrivateWiki plugin to hide their passwords
    64  - as are the @ops group
    65  - @sysops are god like.
    66  - @trac_admins are .. well well trac_admins ;-)
     68This gives the @domain_users group from ActiveDirectory a specific set of permissions.
     69The @branch_admins are using the PrivateWiki plugin to hide their passwords, as are the @ops group.
     70 - @sysops are god like
     71 - @trac_admins are trac_admins
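Review bot: On new line 70, "@sysops are god like" still does not say which permission the group holds; name the permission granted in the configuration block above so a reader can audit it. Lines 68-69 were turned into sentences while lines 70-71 remain bullets, so either keep all five items as a list or fold the last two into the prose as well.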