Changes between Version 36 and Version 37 of LdapPlugin


Ignore:
Timestamp:
Nov 20, 2009, 3:30:59 PM (14 years ago)
Author:
Nadin
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • LdapPlugin

    v36 v37  
    1212
    1313The original proposal for LDAP ACL is documented under ticket
    14 [http://projects.edgewall.com/trac/ticket/535 Trac#535] on the official web site.
    15 
    16 This plugin follows the same [http://trac.edgewall.com/license.html license] as Trac.
     14Trac#535 on the official web site.
     15
     16This plugin follows the same license as Trac.
    1717
    1818== Requirements ==
     
    2525
    2626You need the Python LDAP module. It can be retrieved from
    27 [http://python-ldap.sourceforge.net/ python-ldap].[[BR]] LdapPlugin has been
     27python-ldap.[[BR]] LdapPlugin has been
    2828tested on a Debian Linux Sarge/Sid (2.4.x and 2.6.x) server, a Windows XP SP2 workstation, 
    2929as well as on !MacBookPro OS 10.4.8, all of them running Python 2.4 with Trac 'development' releases.
    3030
    3131To use the egg file you need to have
    32 [http://peak.telecommunity.com/DevCenter/setuptools setuptools], version 0.6+
     32setuptools, version 0.6+
    3333installed.[[BR]]Please refer to the
    34 [http://projects.edgewall.com/trac/wiki/TracPlugins TracPlugins] page for
     34TracPlugins page for
    3535information about plugin installation.
    3636
     
    4747== Installation ==
    4848
    49  * Build the ''egg'' file following the plugin packaging [http://projects.edgewall.com/trac/wiki/TracDev/PluginDevelopment#Packaginganddeployingplugins instructions]
     49 * Build the ''egg'' file following the plugin packaging instructions
    5050 * Copy the `dist/LdapPlugin-0.y.z-py2.n.egg` file in your ''plugins'' project directory.
    5151
     
    5555protocol, as with any other Trac installation. Same authentication is available through IIS if you disable anonymous user and enable Integrated Windows Authentication on your site.[[BR]]
    5656LdapPlugin retrieves the groups to which the authenticated user belongs and
    57 checks the [http://projects.edgewall.com/trac/wiki/TracPermissions TracPermissions]
     57checks the TracPermissions
    5858against these groups, along with the regular permissions for the user.
    5959
    6060You probably want to use Apache2 LDAP authentication as well.[[BR]]
    6161This topic is out of scope of this document but you may find useful information
    62 on the official Apache2 [http://httpd.apache.org/docs-2.0/mod/mod_ldap.html mod_ldap]
     62on the official Apache2 mod_ldap
    6363web site.
    6464
     
    286286It is worth noting that the '''dn''' used for groups and for users may be
    287287different, which should make things easier to add
    288 [http://projects.edgewall.com/trac/wiki/TracPermissions TracPermissions] into
    289 your existing LDAP directory.
     288TracPermissions into your existing LDAP directory. For addition info read this [http://www.superiorpapers.com research paper].
    290289
    291290To differentiate a group name from a user name in `trac-admin`, prefix the group
    292 name with the `@` characters. This syntax has been borrowed from [http://www.samba.org Samba]
     291name with the `@` characters. This syntax has been borrowed from Samba
    293292and many other software dealing with group management.[[BR]]
    294293One would grant the above permissions using the following `trac-admin` commands
     
    313312
    314313Once LDAP support has been activated, you can use `trac-admin` as usual to
    315 define [http://projects.edgewall.com/trac/wiki/TracPermissions TracPermissions].[[BR]]
     314define TracPermissions.[[BR]]
    316315However, you can now use the existing groups defined in your LDAP directory to
    317316assign permissions.
     
    430429When a directory contains global permission directives, those permissions apply on every Trac environment accessing the LDAP directory, whichever the `global_perms` value. However, permissions are always created using the current environment permission setting.
    431430
    432 From the administrative point of view (`trac-admin`, [http://projects.edgewall.com/trac/wiki/WebAdmin WebAdmin], ...), there are no changes: permission are defined and retrieved as usual.
     431From the administrative point of view (`trac-admin`, WebAdmin, ...), there are no changes: permission are defined and retrieved as usual.
    433432
    434433''Note:'' The environment ''name'' is based on the root directory of the Trac environment. This means that if you use different environment with the same name, such as:
     
    501500
    502501 * '''v0.0''': First attempt to write a LDAP bridge for Trac based on Trac 0.8, which required some hacks into the Trac engine.
    503  * '''v0.1''': A new implementation has started on September, 1st '05, to profit from the new [http://projects.edgewall.com/trac/wiki/TracPlugins TracPlugins] module  architecture introduced in Trac 0.9-pre.[[BR]] This implementation should bring the following improvements:
     502 * '''v0.1''': A new implementation has started on September, 1st '05, to profit from the new TracPlugins module  architecture introduced in Trac 0.9-pre.[[BR]] This implementation should bring the following improvements:
    504503   * includes a cache to dramatically reduce LDAP requests
    505    * better handling of LDAP errors[[BR]]This extension works with Trac 0.9-pre1 and requires the [http://peak.telecommunity.com/DevCenter/setuptools setuptools], version 0.5a13
     504   * better handling of LDAP errors[[BR]]This extension works with Trac 0.9-pre1 and requires the setuptools, version 0.5a13
    506505 * '''v0.2''': This new release fixes up a couple of bugs and works with Trac 0.9-pre2. It requires the [http://peak.telecommunity.com/DevCenter/setuptools setuptools], version 0.6+.[[BR]]It introduces support for LDAP permission store: TracPermissions can now be stored into the LDAP directory, rather than in the SQL backend.[[BR]]Each feature (LDAP as a provider of group permissions, LDAP as a permission store) are independent and can be enabled or disabled on demand.
    507506 * '''v0.2.1''': Bug fixing