Changes between Version 5 and Version 6 of DirectoryAuthPlugin

Timestamp:

Sep 18, 2012, 12:50:20 PM (12 years ago)

Author:

branson

Comment:

--

DirectoryAuthPlugin

@@ -10 +10 @@
 == Description ==
 
-The Directory Auth Plugin is a password store for the AccountManagerPlugin that provides authentication and groups from Lightweight Directory Access Protocol (LDAP) enabled service including [[http://www.openldap.org|OpenLdap]], [[http://en.wikipedia.org/wiki/Active_Directory|ActiveDirectory]] and [[en.wikipedia.org/wiki/Apple_Open_Directory|OpenDirectory]].
+The Directory Auth Plugin is a password store for the AccountManagerPlugin that provides authentication and groups from [http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol Lightweight Directory Access Protocol (LDAP)] enabled service including [http://www.openldap.org OpenLdap], [http://en.wikipedia.org/wiki/Active_Directory ActiveDirectory] and [http://en.wikipedia.org/wiki/Apple_Open_Directory OpenDirectory].
 
 Users are authenticated by performing an ldap_bind against a directory using their credentials.  The plugin will also pull the email address and displayName from Directory and populate the `session_attribute` table.  See [http://pacopablo.com/blog/pacopablo/blog/set-assign-to-drop-down Populating ''Assign To'' Drop Down in Trac] for more information on why. 
@@ -22 +22 @@
  - Can expand directory groups into the Trac namespace
 
-See: [DirectoryAuthPlugin/TheoryOfOperation] for details
+See: [./TheoryOfOperation]
 
 
@@ -61 +61 @@
    1. restart the trac service or your webserver. 
 
-== Examples ==
-'''NOTE: this has changed from 0.3 to 0.4!!!!'''
+See [./ConfigurationExamples]
 
-All config options go under the [account-manager] config heading.  Options for this module are:
-
-{{{
-#!ini
-[account-manager]
-#--to use this module with AccountManager, ADAuthStore must be enabled inside of AccountManager
-password_store = ADAuthStore
-#--define the Active Directory host address here.  A port other than default(389) is set as
-#  ldap://hostname:port or ldaps://hostname:port
-dir_uri = ldap://adserver.example.com
-#-- the Active Directory's base DN to search from, this is likely just your domain
-dir_basedn = DC=example,DC=com
-#-- the user/password to search the directory from, it must be a valid
-dir_binddn = ldapuser@example.com
-dir_bindpw = ldapuserpassword
-#-- timeout for an ldap operation before in seconds
-dir_timeout = 5
-#-- the default charset for the ldap server
-dir_charset = utf-9
-##### Userinfo
-#-- the attribute containing the users login name, THIS MUST BE UNIQUE!
-user_attr = sAMAccountName
-#-- the attribute containing the users display name
-name_attr = displayName
-#-- the attribute containing the users email addy
-email_attr = mail
-##### Groups
-#-- where to look for groups, uses dir_basedn if not defined.
-group_basedn = ou=Groups,dc=foo,dc=net
-#-- expand directory groups
-group_expand = 1
-#-- the name of a group .. uses user_attr if not defined. 
-group_attr = cn
-#-- which attribute to look in for members
-group_member_attr = member
-#-- what to look for in the member_attr
-group_member_value = dn
-#-- the dn of a group that has valid users, all users if not enabled
-group_validusers = CN=Alltechs,OU=Mail enabled groups,OU=Email,DC=serverplus,DC=com
-#-- the DN for a group automagically given TRAC_ADMIN
-#   if this option is enabled you must specify the UserExtensiblePermissionStore as the trac permission store, such as:
-#   [trac]
-#   permission_store = UserExtensiblePermissionStore
-group_tracadmin = CN=Administration,DC=example,DC=com
-#### Cache Tuning
-#-- cached entry time to live in seconds 
-cache_ttl= 90
-#-- memorycache size in entries, and a highwater warning mark
-cache_memsize = 400
-cache_memsize_warn = 300
-#-- memory cache prune size in percentage
-cache_memprune = 5
-
-[trac]
-permission_store = UserExtensiblePermissionStore
-}}}
-
-If you are unsure of what the DNs for your groups are, you may want to use an LDAP browser to inspect your Active Directory schema to find out a group's DN.
 
 == Common Errors ==