[[PageOutline(2-5,Contents,pullout)]]

= A password store for the !AccountManagerPlugin using LDAP

== Description

This plugin is a password store for the AccountManagerPlugin that provides authentication and group membership from an LDAP service. Users are authenticated by performing an LDAP bind against a directory using their credentials. The plugin will also pull the email address and username from the directory and populate the `session_attribute` table.

Tested on Trac v1.0.1 + LdapPlugin + AccountManagerPlugin against [http://www.openldap.org/ OpenLDAP], the community-developed LDAP software licensed under its own BSD-like license.

This plugin was started at the suggestion from comment:26:ticket:1147; k0s posted the plugin from ticket:1147 as a standalone hack. Based on that work the ticket [attachment:ldap-auth-store.patch:ticket:1600] was merged in the session store parts of [attachment:ldap_store.3.py:ticket:1147] and [attachment:account-manager-ldap.4.patch:ticket:1147].

== Bugs/Feature Requests

Existing bugs and feature requests for LdapAuthStorePlugin are [report:9?COMPONENT=LdapAuthStorePlugin here].

If you have any issues, create a [/newticket?component=LdapAuthStorePlugin new ticket].

[[TicketQuery(component=LdapAuthStorePlugin,group=type,format=progress)]]

== Download

Download the zipped source from [export:ldapauthstoreplugin here].

== Source

You can check out LdapAuthStorePlugin from [/svn/ldapauthstoreplugin here] using Subversion, or [source:ldapauthstoreplugin browse the source] with Trac.

== Installation

The plugins AccountManagerPlugin and LdapPlugin must be installed first to use this plugin.

General instructions on installing Trac plugins can be found on the [TracPlugins#InstallingaTracplugin TracPlugins] page.

== Configuration

Edit your `trac.ini` file for the following changes:
 * Activate '''acct_mgr''', '''ldapplugin''', '''ldapauthstore''' in the [components] section.
 * Define LDAP related options in the [ldap] section.
This would amount to the following:
{{{#!ini
[trac]
...
permission_store = DefaultPermissionStore

[account-manager]
...
password_store = LdapAuthStore

[components]
acct_mgr.admin.accountmanageradminpage = enabled
acct_mgr.api.accountmanager = enabled
acct_mgr.web_ui.accountmodule = enabled
acct_mgr.web_ui.loginmodule = enabled
trac.web.auth.loginmodule = disabled
...
ldapplugin.* = enabled
ldapauthstore.* = enabled

[ldap]
# enable LDAP support for Trac
enable = true
# enable TLS support
use_tls = false
# LDAP directory host
host = localhost
# LDAP directory port (default port for LDAPS/TLS connections is 636)
port = 389
# BaseDN
basedn = dc=example,dc=com
# Relative DN for users (defaults to none)
user_rdn = ou=people
# Relative DN for group of names (defaults to none)
group_rdn = ou=groups
# objectclass for groups
groupname = groupOfNames
# dn entry in a groupname
groupmember = member
# attribute name for a group
groupattr = cn
# attribute name for a user
uidattr = uid
# attribute name to store trac permission
permattr = tracperm
# filter to search for dn with 'permattr' attributes
permfilter = objectclass=*
# time, in seconds, before a cached entry is purged out of the local cache.
cache_ttl = 900
# maximum number of entries in the cache
cache_size = 100
# whether to perform an authenticated bind for group resolution
group_bind = yes
# whether to perform an authenticated bind for permission store operations
store_bind = true
# user for authenticated connection to the LDAP directory
bind_user = cn=anonbind,dc=example,dc=com
# password for authenticated connection
bind_passwd = anonbind
# global permissions (vs. per-environment permissions)
global_perms = false
# group permissions are managed as addition/removal to the LDAP directory groups
manage_groups = true
# whether a group member contains the full dn or a simple uid
groupmemberisdn = yes
...
#
# ldapauthstore settings
#
#--- from #1147, not present in #1600
# default: basedn_filter = objectClass=*
#basedn_filter = objectClass=inetOrgPerson
#---
# default: name = name
name = cn
# default: email = email
email = mail
#--- from #1600, not present in #1147
# users must be in this group to use trac
allusers_group = tracusers
#---
}}}

== Recent Changes

[[ChangeLog(ldapauthstoreplugin, 3)]]

== Author/Contributors

'''Author:''' [wiki:k0s] [[BR]]
'''Maintainer:''' [[Maintainer]][[BR]]
'''Contributors:'''
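
A pre-deployment check for the `[ldap]` and `[components]` settings in the Configuration section above. It is an added example, not part of the plugin: `audit_trac_ldap` and the sample file are hypothetical, and the fallback values used when an option is absent, as well as `allusers_group` living in `[ldap]`, are assumptions.

```python
import configparser

# Constructed sample: the page's settings, but with a remote directory host
# and the built-in login module left enabled.
SAMPLE_INI = """
[components]
acct_mgr.web_ui.loginmodule = enabled
trac.web.auth.loginmodule = enabled
ldapauthstore.* = enabled

[ldap]
enable = true
use_tls = false
host = ldap.example.com
port = 389
bind_user = cn=anonbind,dc=example,dc=com
bind_passwd = anonbind
"""

TRUTHY = {"true", "yes", "on", "1", "enabled"}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def audit_trac_ldap(ini_text):
    """Return (option, finding) pairs; fallback defaults are assumptions."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    def get(section, option, default=""):
        return cfg.get(section, option, fallback=default).strip()

    findings = []
    # Users authenticate by LDAP bind, so without TLS their passwords (and
    # bind_passwd) travel to a remote directory host in cleartext.
    if get("ldap", "use_tls", "false").lower() not in TRUTHY \
            and get("ldap", "host", "localhost").lower() not in LOOPBACK:
        findings.append(("ldap.use_tls", "binds to a remote host without TLS"))
    if get("ldap", "bind_passwd") == "anonbind":
        findings.append(("ldap.bind_passwd", "still the documentation example value"))
    # Assumed to live in [ldap], as the page's listing suggests.
    if not get("ldap", "allusers_group"):
        findings.append(("ldap.allusers_group", "no required group configured"))
    # Trac core components are enabled unless explicitly disabled.
    if get("components", "trac.web.auth.loginmodule", "enabled").lower() in TRUTHY:
        findings.append(("components.trac.web.auth.loginmodule",
                         "built-in login module not disabled"))
    return findings

if __name__ == "__main__":
    for option, finding in audit_trac_ldap(SAMPLE_INI):
        print(f"{option}: {finding}")
```

A loopback `host` with `use_tls = false`, as in the page's listing, is not flagged because the bind never leaves the machine.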