Changes between Version 55 and Version 56 of LdapPlugin
- Timestamp:
- Jan 31, 2012, 8:08:30 AM (12 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
LdapPlugin
v55 v56 1 1 = LDAP extensions = 2 2 3 [[PageOutline( 1-3)]]3 [[PageOutline(2-5)]] 4 4 5 5 == Abstract == … … 7 7 LDAP support with group management has been added as a Trac extension. This 8 8 extension enables the use of existing LDAP groups to grant permissions rather than 9 defining permissions for every single user on the system. The latest release also 9 defining permissions for every single user on the system. 10 11 The latest release also 10 12 permits storage of permissions (both users and groups permissions) in the LDAP 11 13 directory itself rather than in the SQL backend. … … 33 35 ==== Important note ==== 34 36 35 You need to grab a recent version of Trac from the trunk to make the (optional) Ldap permission store extension work as expected.[[BR]] 37 1. '''You need to apply all patches mentioned in #6268 on Windows, otherwise the plugin will not work.''' 38 1. You need to grab a recent version of Trac from the trunk to make the (optional) Ldap permission store extension work as expected.[[BR]] 36 39 As the trunk API may vary without notice, the plugin may be broken if you run it with a different release. 37 40 … … 49 52 * Copy the `dist/LdapPlugin-0.y.z-py2.n.egg` file in your ''plugins'' project directory. 50 53 51 == Authentication == 54 == Configuration == 55 56 You must configure 3 different places: 57 1. '''Authentication (Apache configuration):''' Get access to the ldap server for reading out the groups 58 2. '''Configure the plugin (section [ldap] in trac.ini):''' Get the groups by mapping the interesting part of the server's LDAP directory to this plugin 59 3. '''Give Trac permissions to the groups (Trac web interface menu Admin):''': Map the known Trac permissions to the LDAP groups 60 61 === Authentication === 52 62 53 63 LdapPlugin does '''not''' perform authentication: Apache2 does, through the HTTP … … 64 74 You may find a [http://vanalboom.org/node/15 recent roundup] on the whole setup for both Apache and Trac quite helpful. 65 75 66 === Apache 2.0===76 ==== Apache 2.0 ==== 67 77 68 78 Here is an example of a typical LDAP section of an Apache2.0 configuration file: … … 81 91 }}} 82 92 83 === Apache 2.2===93 ==== Apache 2.2 ==== 84 94 85 95 Since the mod_auth_ldap module has been superseded by the mod_authnz_ldap module for Apache 2.2, the configuration also needs a little tweaking. The above example would now look like: … … 103 113 104 114 105 == Configuration==115 === Plugin Configuration === 106 116 107 117 You need to customize the `trac.ini` file of your project, then[[BR]] … … 193 203 }}} 194 204 195 == Note==205 ==== Note ==== 196 206 197 207 If you get an error message like this: … … 203 213 https://trac-hacks.org/ticket/6183 204 214 205 ==== Note about `group_rdn` and `user_rdn`====215 ===== Note about `group_rdn` and `user_rdn` ===== 206 216 207 217 Starting from release '''v0.4.0''', `group_basedn` and `user_basedn` options have been superseeded with `group_rdn` and `user_rdn`.[[BR]] … … 219 229 220 230 221 == Authenticated LDAP connections==231 ==== Authenticated LDAP connections ==== 222 232 223 233 If the server requires an authenticated connection to retrieve group permissions, … … 247 257 anybody. 248 258 249 == Ldap permission store==259 ==== Ldap permission store ==== 250 260 251 261 If you wish to use the LDAP permission store feature, you need to tell Trac to … … 319 329 (access control lists) that manages LDAP operations on a directory. 320 330 321 == Permissions==322 323 Once LDAP support has been activated, you can use `trac-admin` as usual to331 === Permissions === 332 333 Once LDAP support has been activated, you can use the web interface menu item `Admin` or `trac-admin` as usual to 324 334 define TracPermissions.[[BR]] 325 335 However, you can now use the existing groups defined in your LDAP directory to … … 362 372 your LDAP directory. 363 373 364 ==== Group of names====374 ===== Group of names ===== 365 375 366 376 There are usually two flavours to manage group permissions in LDAP: … … 415 425 }}} 416 426 417 === Global vs. Environment permissions===427 ==== Global vs. Environment permissions ==== 418 428 419 429 Starting from release '''v0.3.0''', permissions are not defined globally (unless `global_perms` is set in the environment configuration file), but on per-environment basis. … … 529 539 * '''v0.7.0''': Support for Trac 0.12 530 540 541 === Recent Changes === 542 543 [[ChangeLog(ldapplugin, 4)]] 544 531 545 == Author/Contributors == 532 546