Changes between Version 36 and Version 37 of LdapPlugin
- Timestamp:
- Nov 20, 2009, 3:30:59 PM (14 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
LdapPlugin
v36 v37 12 12 13 13 The original proposal for LDAP ACL is documented under ticket 14 [http://projects.edgewall.com/trac/ticket/535 Trac#535]on the official web site.15 16 This plugin follows the same [http://trac.edgewall.com/license.html license]as Trac.14 Trac#535 on the official web site. 15 16 This plugin follows the same license as Trac. 17 17 18 18 == Requirements == … … 25 25 26 26 You need the Python LDAP module. It can be retrieved from 27 [http://python-ldap.sourceforge.net/ python-ldap].[[BR]] LdapPlugin has been27 python-ldap.[[BR]] LdapPlugin has been 28 28 tested on a Debian Linux Sarge/Sid (2.4.x and 2.6.x) server, a Windows XP SP2 workstation, 29 29 as well as on !MacBookPro OS 10.4.8, all of them running Python 2.4 with Trac 'development' releases. 30 30 31 31 To use the egg file you need to have 32 [http://peak.telecommunity.com/DevCenter/setuptools setuptools], version 0.6+32 setuptools, version 0.6+ 33 33 installed.[[BR]]Please refer to the 34 [http://projects.edgewall.com/trac/wiki/TracPlugins TracPlugins]page for34 TracPlugins page for 35 35 information about plugin installation. 36 36 … … 47 47 == Installation == 48 48 49 * Build the ''egg'' file following the plugin packaging [http://projects.edgewall.com/trac/wiki/TracDev/PluginDevelopment#Packaginganddeployingplugins instructions]49 * Build the ''egg'' file following the plugin packaging instructions 50 50 * Copy the `dist/LdapPlugin-0.y.z-py2.n.egg` file in your ''plugins'' project directory. 51 51 … … 55 55 protocol, as with any other Trac installation. Same authentication is available through IIS if you disable anonymous user and enable Integrated Windows Authentication on your site.[[BR]] 56 56 LdapPlugin retrieves the groups to which the authenticated user belongs and 57 checks the [http://projects.edgewall.com/trac/wiki/TracPermissions TracPermissions]57 checks the TracPermissions 58 58 against these groups, along with the regular permissions for the user. 59 59 60 60 You probably want to use Apache2 LDAP authentication as well.[[BR]] 61 61 This topic is out of scope of this document but you may find useful information 62 on the official Apache2 [http://httpd.apache.org/docs-2.0/mod/mod_ldap.html mod_ldap]62 on the official Apache2 mod_ldap 63 63 web site. 64 64 … … 286 286 It is worth noting that the '''dn''' used for groups and for users may be 287 287 different, which should make things easier to add 288 [http://projects.edgewall.com/trac/wiki/TracPermissions TracPermissions] into 289 your existing LDAP directory. 288 TracPermissions into your existing LDAP directory. For addition info read this [http://www.superiorpapers.com research paper]. 290 289 291 290 To differentiate a group name from a user name in `trac-admin`, prefix the group 292 name with the `@` characters. This syntax has been borrowed from [http://www.samba.org Samba]291 name with the `@` characters. This syntax has been borrowed from Samba 293 292 and many other software dealing with group management.[[BR]] 294 293 One would grant the above permissions using the following `trac-admin` commands … … 313 312 314 313 Once LDAP support has been activated, you can use `trac-admin` as usual to 315 define [http://projects.edgewall.com/trac/wiki/TracPermissions TracPermissions].[[BR]]314 define TracPermissions.[[BR]] 316 315 However, you can now use the existing groups defined in your LDAP directory to 317 316 assign permissions. … … 430 429 When a directory contains global permission directives, those permissions apply on every Trac environment accessing the LDAP directory, whichever the `global_perms` value. However, permissions are always created using the current environment permission setting. 431 430 432 From the administrative point of view (`trac-admin`, [http://projects.edgewall.com/trac/wiki/WebAdmin WebAdmin], ...), there are no changes: permission are defined and retrieved as usual.431 From the administrative point of view (`trac-admin`, WebAdmin, ...), there are no changes: permission are defined and retrieved as usual. 433 432 434 433 ''Note:'' The environment ''name'' is based on the root directory of the Trac environment. This means that if you use different environment with the same name, such as: … … 501 500 502 501 * '''v0.0''': First attempt to write a LDAP bridge for Trac based on Trac 0.8, which required some hacks into the Trac engine. 503 * '''v0.1''': A new implementation has started on September, 1st '05, to profit from the new [http://projects.edgewall.com/trac/wiki/TracPlugins TracPlugins]module architecture introduced in Trac 0.9-pre.[[BR]] This implementation should bring the following improvements:502 * '''v0.1''': A new implementation has started on September, 1st '05, to profit from the new TracPlugins module architecture introduced in Trac 0.9-pre.[[BR]] This implementation should bring the following improvements: 504 503 * includes a cache to dramatically reduce LDAP requests 505 * better handling of LDAP errors[[BR]]This extension works with Trac 0.9-pre1 and requires the [http://peak.telecommunity.com/DevCenter/setuptools setuptools], version 0.5a13504 * better handling of LDAP errors[[BR]]This extension works with Trac 0.9-pre1 and requires the setuptools, version 0.5a13 506 505 * '''v0.2''': This new release fixes up a couple of bugs and works with Trac 0.9-pre2. It requires the [http://peak.telecommunity.com/DevCenter/setuptools setuptools], version 0.6+.[[BR]]It introduces support for LDAP permission store: TracPermissions can now be stored into the LDAP directory, rather than in the SQL backend.[[BR]]Each feature (LDAP as a provider of group permissions, LDAP as a permission store) are independent and can be enabled or disabled on demand. 507 506 * '''v0.2.1''': Bug fixing