Changes between Version 6 and Version 7 of DirectoryAuthPlugin
- Timestamp:
- Sep 18, 2012, 12:58:34 PM (12 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
DirectoryAuthPlugin
v6 v7 14 14 Users are authenticated by performing an ldap_bind against a directory using their credentials. The plugin will also pull the email address and displayName from Directory and populate the `session_attribute` table. See [http://pacopablo.com/blog/pacopablo/blog/set-assign-to-drop-down Populating ''Assign To'' Drop Down in Trac] for more information on why. 15 15 16 This plugin was built upon the excellent ActiveDirectoryAuthPlugin by pacopablo .. much thanks for the original! 17 16 18 == Features == 17 19 - Can use a service account to do lookups, or anonymous binding … … 22 24 - Can expand directory groups into the Trac namespace 23 25 24 See: [ ./TheoryOfOperation]26 See: [DirectoryAuthPlugin/TheoryOfOperation TheoryOfOperation] 25 27 26 28 … … 47 49 - You must install AccountManagerPlugin in order to use this plugin. 48 50 - Python-LDAP is also required and can be downloaded [http://pypi.python.org/pypi/python-ldap/ here] 51 - for SSL, you will have to install and configure OpenSSL to work with valid certificates. ( you can test using ldapsearch -Z ) 49 52 50 53 ==== Installation ==== … … 61 64 1. restart the trac service or your webserver. 62 65 63 See [./ConfigurationExamples] 64 66 See [DirectoryAuthPlugin/ConfigurationExamples ConfigurationExamples] 65 67 66 68 == Common Errors == 69 - When using SSL, the server won't authenticate. Make sure you can use ldapsearch -Z with the same parameters from the same host, and resolve the issues there. A handy way to do that is use: 70 {{{ 71 joe@admin > ldapsearch -d8 -Z -x -b dc=base,dc=net -D binding@base.net -W -H ldaps://ldap.base.net -s one 'objectclass=person' 72 }}} 73 The {{{-d8}}} should show you TLS errors. 67 74 68 If you see Trac throwing an exception similar to "OPERATIONS_ERROR: In order to perform this operation a successful bind must be completed on the connection" when you know the bind user/pass is correct you will want to try connection to active directory on port 3268. This may happen when AD is running across multiple machines.75 - If you see Trac throwing an exception similar to "OPERATIONS_ERROR: In order to perform this operation a successful bind must be completed on the connection" when you know the bind user/pass is correct you will want to try connection to active directory on port 3268. This may happen when AD is running across multiple machines. 69 76 70 77 == Recent Changes ==