Changes between Version 4 and Version 5 of DirectoryAuthPlugin


Timestamp:
Sep 18, 2012, 12:42:56 PM (12 years ago)
Author:
branson
Comment:

--

  • DirectoryAuthPlugin

    v4 v5  
    1010== Description ==
    1111
    12 The Directory Auth Plugin is a password store for the AccountManagerPlugin that provides authentication and groups from Active Directory.
     12The Directory Auth Plugin is a password store for the AccountManagerPlugin that provides authentication and groups from Lightweight Directory Access Protocol (LDAP) enabled service including [[http://www.openldap.org|OpenLdap]], [[http://en.wikipedia.org/wiki/Active_Directory|ActiveDirectory]] and [[en.wikipedia.org/wiki/Apple_Open_Directory|OpenDirectory]].
    1313
    14 Users are authenticated by performing an ldap_bind against an LDAP or AD server using their credentials.  The plugin will also pull the email address and displayName from Directory and populate the `session_attribute` table.  See [http://pacopablo.com/blog/pacopablo/blog/set-assign-to-drop-down Populating ''Assign To'' Drop Down in Trac] for more information on why.
     14Users are authenticated by performing an ldap_bind against a directory using their credentials.  The plugin will also pull the email address and displayName from Directory and populate the `session_attribute` table.  See [http://pacopablo.com/blog/pacopablo/blog/set-assign-to-drop-down Populating ''Assign To'' Drop Down in Trac] for more information on why.
    1515
    16 == Groups ==
    17  - One can specify a group which users must be a member of in order to log in. 
    18  - Additionally, one may specify an ''admin'' group.  If a user is a member of the ''admin'' group, then they will automatically be granted the `TRAC_ADMIN` permission.
    19  - Finally, Directory groups are extended into the trac namespace.  They can be used to extend permissions by group.
    20    - directory groups are prefixed by @
    21    - group names are lowercase and spaces are replaced with underscores.
     16== Features ==
     17 - Can use a service account to do lookups, or anonymous binding
     18 - Can use SSL if openssl is configured correctly ( I am working on some documentation for this )
     19 - Configurable .. many options to deal with the differences between directories and schema
     20 - Uses both memory and db based caching to improve performance
     21 - Now supports LARGE directories
     22 - Can expand directory groups into the Trac namespace
    2223
    23  See [DirectoryAuthPlugin/GroupManagement GroupManagement] for more details.
     24See: [DirectoryAuthPlugin/TheoryOfOperation] for details
    2425
    25 == Caching ==
    26 Given the expense of traversing the network for authorizations, a two-stage cache has been implemented.  This caches data in the database for all instances of python, and in memory for each instance; while maintaining expiration and flushing the cache(s) as necessary. See: [DirectoryAuthPlugin/CacheManagement CacheManagement] for details.
    2726
    2827== Bugs/Feature Requests ==
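
Review bot: The removed Groups section (v4 lines 16-21) stated that a required login group can be set and that members of the ''admin'' group are automatically granted `TRAC_ADMIN`, and the added Features list (v5 lines 16-22) keeps only "Can expand directory groups into the Trac namespace". An automatic admin grant driven by directory membership is something an operator needs to see on the overview page, along with the `@` prefix and the lowercase/underscore naming rule used when writing permissions, so keep a one-line statement of each in Features or confirm that DirectoryAuthPlugin/TheoryOfOperation carries them before dropping the text here. On v5 line 18, login is described as an ldap_bind with the user's own credentials, so "Can use SSL if openssl is configured correctly" should say what protects that bind when SSL is not set up, rather than leaving it to documentation that is not yet written. On v5 line 12, `[[en.wikipedia.org/wiki/Apple_Open_Directory|OpenDirectory]]` has no `http://` scheme, unlike the two links before it, so it will not resolve as an external URL, and "enabled service" should read "enabled services".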