Mailing List Archive: Trac: Users

Trac authentication to Active Directory

Index | Next | Previous | View Threaded

garthk at gmail

Jan 19, 2007, 4:41 AM

Post #1 of 3 (493 views)
Permalink

Trac authentication to Active Directory

I'm having trouble having Trac authenticate against AD.

The usual mod_ldap bind/find isn't working for me, even using my own
account for the bind. So, I'd like to try having Trac do the work.

My Django authentication module works easily against AD because it
binds using the credentials of the user trying to log on. In short:

principalName = '%s@%s' % (username, domain)
l = ldap.open(server)
l.protocol_version = ldap.VERSION3
l.simple_bind_s(principalName, password)
return l

If I derive DirectLdapAuthentication from BasicAuthentication, can I
simply over-ride do_auth and plug in the code above?

How can I tell Trac to use DirectLdapAuthentication?

How can I populate account detail in Trac with details taken from AD?

Once I've got this working, I'll post the patch.

Yours,
Garth.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Trac Users" group.
To post to this group, send email to trac-users[at]googlegroups.com
To unsubscribe from this group, send email to trac-users-unsubscribe[at]googlegroups.com
For more options, visit this group at http://groups.google.com/group/trac-users?hl=en
-~----------~----~----~----~------~----~------~--~---

manu.blot at gmail

Jan 19, 2007, 6:44 AM

Post #2 of 3 (426 views)
Permalink

Re: Trac authentication to Active Directory [In reply to]

> Once I've got this working, I'll post the patch.

Don't make a patch (it would not get merged): write a plugin.
You'll find working examples for authentication plugin (which may ease
your work) on TracHacks.org. You can also store your own plugin on
this web site.

Cheers,
Manu.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Trac Users" group.
To post to this group, send email to trac-users[at]googlegroups.com
To unsubscribe from this group, send email to trac-users-unsubscribe[at]googlegroups.com
For more options, visit this group at http://groups.google.com/group/trac-users?hl=en
-~----------~----~----~----~------~----~------~--~---

pacopablo at pacopablo

Jan 19, 2007, 8:41 AM

Post #3 of 3 (439 views)
Permalink

Re: Trac authentication to Active Directory [In reply to]

Garth T Kidd wrote:
> If I derive DirectLdapAuthentication from BasicAuthentication, can I
> simply over-ride do_auth and plug in the code above?
>
> How can I tell Trac to use DirectLdapAuthentication?

I'd suggest making an account manager backend for this. This means
creating a plugin that implements the IPasswordStore interface from
account manager:

http://trac-hacks.org/browser/accountmanagerplugin/0.10/acct_mgr/api.py#L15

> How can I populate account detail in Trac with details taken from AD?

If you're referring to things like fullname and email address, this is a
little harder. unfortunately, the interface to the session table
(which holds the email addr, etc) hasn't been wrapped in a nice
interface. So the short answer is, you can't.

> Once I've got this working, I'll post the patch.

Like Emmanuel Blot said, I'd recommend making it a plugin and posting it
on trac-hacks.org

-John

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Trac Users" group.
To post to this group, send email to trac-users[at]googlegroups.com
To unsubscribe from this group, send email to trac-users-unsubscribe[at]googlegroups.com
For more options, visit this group at http://groups.google.com/group/trac-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact lists@gossamer-threads.com