Mailing List Archive: Trac: Users

LDAP integration with 0.11rc1 question

 

 


derek.diget+trac-users at wmich

May 7, 2008, 11:59 AM

Post #1 of 6 (150 views)
LDAP integration with 0.11rc1 question

I am working on a fresh 0.11rc1 install that we want to integrate with
our LDAP environment and being a trac newbie I have read several of the
account/LDAP plug-ins and I am not sure what combination we want to use.
Would this list be so nice and help me start on the correct foot and
path? :)


Quest:

1) To not use HTTP BasicAuth authentication:
Use "Account Manager Plug-in"
<//trac-hacks.org/wiki/AccountManagerPlugin>

Correct?


2) Authenticate users to our LDAP via AccountManagerPlugin's login page:
We don't want any "passwords" stored/cached within trac

Use what plug-in or combination?
- LDAPAuthStore?
- LdapPlugin?
- others?

Potential points of interest....
- We want user's "Full Name" and "Email Address" to be sync'd
with their displayName and mail attribute in LDAP as well as
being read-only within trac. (LDAP is the authoritative data
source for those two pieces of information and thus should
not be able to be modified within trac.) I think that we can
go grab that information with the LdapSessionSettingsPatch,
but how can we lock it down?

- Initially for our proof of concept installation we will want
to store group information within trac, but eventually we
will probably want to also get this information from LDAP.

- There might be more as I get further along.


So the short version is how to have users log in via a login page and
the authentication happens against LDAP.


Any pointers in my quest will be greatly appreciated.


--
***********************************************************************
Derek Diget Office of Information Technology
Western Michigan University - Kalamazoo Michigan USA - www.wmich.edu/
***********************************************************************

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Trac Users" group.
To post to this group, send email to trac-users[at]googlegroups.com
To unsubscribe from this group, send email to trac-users-unsubscribe[at]googlegroups.com
For more options, visit this group at http://groups.google.com/group/trac-users?hl=en
-~----------~----~----~----~------~----~------~--~---


kantrn at rpi

May 7, 2008, 12:21 PM

Post #2 of 6 (145 views)
Re: LDAP integration with 0.11rc1 question [In reply to]

Derek Diget wrote:
>
> I am working on a fresh 0.11rc1 install that we want to integrate with
> our LDAP environment and being a trac newbie I have read several of the
> account/LDAP plug-ins and I am not sure what combination we want to use.
> Would this list be so nice and help me start on the correct foot and
> path? :)
>
>
> Quest:
>
> 1) To not use HTTP BasicAuth authentication:
> Use "Account Manager Plug-in"
> <//trac-hacks.org/wiki/AccountManagerPlugin>
>
> Correct?
>
>
> 2) Authenticate users to our LDAP via AccountManagerPlugin's login page:
> We don't want any "passwords" stored/cached within trac
>
> Use what plug-in or combination?

http://pypi.python.org/pypi/TracLDAPAuth

>
> Potential points of interest....
> - We want user's "Full Name" and "Email Address" to be sync'd
> with their displayName and mail attribute in LDAP as well as
> being read-only within trac. (LDAP is the authoritative data
> source for those two pieces of information and thus should
> not be able to be modified within trac.) I think that we can
> go grab that information with the LdapSessionSettingsPatch,
> but how can we lock it down?

This is currently annoying, but one of the openmoko guys has a nice
snippet to put in site.html to disable those two settings.

>
> - Initially for our proof of concept installation we will want
> to store group information within trac, but eventually we
> will probably want to also get this information from LDAP.

LdapPlugin handles this I think.

--Noah
Attachments: signature.asc (0.24 KB)


derek.diget+trac-users at wmich

May 7, 2008, 2:26 PM

Post #3 of 6 (144 views)
Re: LDAP integration with 0.11rc1 question [In reply to]

On May 7, 2008 at 15:21 -0400, Noah Kantrowitz wrote:
=>Derek Diget wrote:
=>>
=>> 2) Authenticate users to our LDAP via AccountManagerPlugin's login page:
=>> We don't want any "passwords" stored/cached within trac
=>>
=>> Use what plug-in or combination?
=>
=>http://pypi.python.org/pypi/TracLDAPAuth

OK, installed the 2.4 egg, and I think that I have made the correct
updates to trac.ini by adding the following under the sections listed.


[components]
ldapauth.* = enabled

[account-manager]
password_store = LDAPStore

[ldap]
server = ldap.example.com
bind_dn = uid=%s,ou=people,dc=example,dc=com

(where example.com is replaced for our site.)


But....now when I try logging in from AccountManagerPlugin's login page,
I get a python traceback where the last few lines are as follows:


File "/usr/lib/python2.4/site-packages/Trac-0.11rc1-py2.4.egg/trac/config.py", line 462, in __get__
raise AttributeError('Cannot find an implementation of the "%s" '
AttributeError: Cannot find an implementation of the "IPasswordStore" interface named "LDAPStore". Please update the option account-manager.password_store in trac.ini


Didn't I already do that?

Suggestions on what I missed?



--
***********************************************************************
Derek Diget Office of Information Technology
Western Michigan University - Kalamazoo Michigan USA - www.wmich.edu/
***********************************************************************



kantrn at rpi

May 7, 2008, 2:58 PM

Post #4 of 6 (143 views)
Re: LDAP integration with 0.11rc1 question [In reply to]

Derek Diget wrote:
>
> On May 7, 2008 at 15:21 -0400, Noah Kantrowitz wrote:
> =>Derek Diget wrote:
> =>>
> =>> 2) Authenticate users to our LDAP via AccountManagerPlugin's login page:
> =>> We don't want any "passwords" stored/cached within trac
> =>>
> =>> Use what plug-in or combination?
> =>
> =>http://pypi.python.org/pypi/TracLDAPAuth
>
> OK, installed the 2.4 egg, and I think that I have made the correct
> updates to trac.ini by adding the following under the sections listed.
>
>
> [components]
> ldapauth.* = enabled
>
> [account-manager]
> password_store = LDAPStore
>
> [ldap]
> server = ldap.example.com
> bind_dn = uid=%s,ou=people,dc=example,dc=com
>
> (where example.com is replaced for our site.)
>
>
> But....now when I try logging in from AccountManagerPlugin's login page,
> I get a python traceback where the last few lines are as follows:
>
>
> File "/usr/lib/python2.4/site-packages/Trac-0.11rc1-py2.4.egg/trac/config.py", line 462, in __get__
> raise AttributeError('Cannot find an implementation of the "%s" '
> AttributeError: Cannot find an implementation of the "IPasswordStore" interface named "LDAPStore". Please update the option account-manager.password_store in trac.ini

Check your log for loading errors.

evil_twin: "logging" is http://trac.edgewall.org/wiki/TracLogging <--
Enable debug logging to file, ensure your environments log/ directory is
writeable by your web server user, check for errors.

You didn't mention installing the python-ldap modules, so be sure you
have those too.

--Noah
Attachments: signature.asc (0.24 KB)


derek.diget+trac-users at wmich

May 9, 2008, 2:52 PM

Post #5 of 6 (129 views)
Re: LDAP integration with 0.11rc1 question [In reply to]

Sorry for the delayed response.....


On May 7, 2008 at 17:58 -0400, Noah Kantrowitz wrote:
=>Derek Diget wrote:
=>> On May 7, 2008 at 15:21 -0400, Noah Kantrowitz wrote:
=>> =>Derek Diget wrote:
=>> =>> =>> 2) Authenticate users to our LDAP via AccountManagerPlugin's login
=>> page:
=>> =>> We don't want any "passwords" stored/cached within trac
=>> =>> =>> Use what plug-in or combination?
=>> =>
=>> =>http://pypi.python.org/pypi/TracLDAPAuth
=>>
=>> OK, installed the 2.4 egg, and I think that I have made the correct updates
=>> to trac.ini by adding the following under the sections listed.
=>>
=>>
=>> [components]
=>> ldapauth.* = enabled
=>>
=>> [account-manager]
=>> password_store = LDAPStore
=>>
=>> [ldap]
=>> server = ldap.example.com
=>> bind_dn = uid=%s,ou=people,dc=example,dc=com
=>>
=>> (where example.com is replaced for our site.)
=>>
=>>
=>> But....now when I try logging in from AccountManagerPlugin's login page, I
=>> get a python traceback where the last few lines are as follows:
=>>
=>>
=>> File
=>> "/usr/lib/python2.4/site-packages/Trac-0.11rc1-py2.4.egg/trac/config.py",
=>> line 462, in __get__
=>> raise AttributeError('Cannot find an implementation of the "%s" '
=>> AttributeError: Cannot find an implementation of the "IPasswordStore"
=>> interface named "LDAPStore". Please update the option
=>> account-manager.password_store in trac.ini
=>
=>Check your log for loading errors.
=>
=>evil_twin: "logging" is http://trac.edgewall.org/wiki/TracLogging <-- Enable
=>debug logging to file, ensure your environments log/ directory is writeable by
=>your web server user, check for errors.

Logging is enabled and the following lines might be of interest:

2008-05-09 17:35:35,407 Trac[loader] ERROR: Skipping "ldapauth.store =
ldapauth.store": (can't import "libssl.so.0.9.8: cannot open
shared object file: No such file or directory")


Not being a trac/python person, how do I help trac find the shared
object? (OpenSSL 0.9.8b is installed on the machine. Not sure if I
mentioned it but this is a CentOS 5 box.)



=>You didn't mention installing the python-ldap modules, so be sure you have
=>those too.

Yup, python_ldap-2.3.4-py2.4-linux-x86_64.egg was installed.


Here is the full Traceback from the log:


2008-05-09 17:36:03,059 Trac[main] ERROR: Cannot find an implementation of the "IPasswordStore" interface named "". Please update the option account-manager.password_store in trac.ini.
Traceback (most recent call last):
  File "/usr/lib/python2.4/site-packages/Trac-0.11rc1-py2.4.egg/trac/web/main.py", line 417, in _dispatch_request
    dispatcher.dispatch(req)
  File "/usr/lib/python2.4/site-packages/Trac-0.11rc1-py2.4.egg/trac/web/main.py", line 197, in dispatch
    resp = chosen_handler.process_request(req)
  File "build/bdist.linux-x86_64/egg/acct_mgr/web_ui.py", line 363, in process_request
  File "/usr/lib/python2.4/site-packages/Trac-0.11rc1-py2.4.egg/trac/web/api.py", line 168, in __getattr__
    value = self.callbacks[name](self)
  File "/usr/lib/python2.4/site-packages/Trac-0.11rc1-py2.4.egg/trac/web/main.py", line 131, in authenticate
    authname = authenticator.authenticate(req)
  File "build/bdist.linux-x86_64/egg/acct_mgr/web_ui.py", line 346, in wrap
  File "build/bdist.linux-x86_64/egg/acct_mgr/web_ui.py", line 356, in authenticate
  File "build/bdist.linux-x86_64/egg/acct_mgr/web_ui.py", line 383, in _remote_user
  File "build/bdist.linux-x86_64/egg/acct_mgr/api.py", line 104, in check_password
  File "build/bdist.linux-x86_64/egg/acct_mgr/api.py", line 120, in password_store
  File "/usr/lib/python2.4/site-packages/Trac-0.11rc1-py2.4.egg/trac/config.py", line 462, in __get__
    raise AttributeError('Cannot find an implementation of the "%s" '
AttributeError: Cannot find an implementation of the "IPasswordStore" interface named "". Please update the option account-manager.password_store in trac.ini.


--
***********************************************************************
Derek Diget Office of Information Technology
Western Michigan University - Kalamazoo Michigan USA - www.wmich.edu/
***********************************************************************



kantrn at rpi

May 10, 2008, 2:37 AM

Post #6 of 6 (128 views)
Re: LDAP integration with 0.11rc1 question [In reply to]

Derek Diget wrote:
> 2008-05-09 17:35:35,407 Trac[loader] ERROR: Skipping "ldapauth.store =
> ldapauth.store": (can't import "libssl.so.0.9.8: cannot open
> shared object file: No such file or directory")
>
>
> Not being a trac/python person, how do I help trac find the shared
> object? (OpenSSL 0.9.8b is installed on the machine. Not sure if I
> mentioned it but this is a CentOS 5 box.)
>
>
>
> =>You didn't mention installing the python-ldap modules, so be sure you have
> =>those too.
>
> Yup, python_ldap-2.3.4-py2.4-linux-x86_64.egg was installed.

You probably want to install this from an rpm. Barring that, get out
ldd, and try to figure out where it is looking for the library, possibly
mucking in /etc/ld.so.conf if needed.

--Noah
Attachments: signature.asc (0.24 KB)
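
An added example, not code from the thread or from Trac: the "Cannot find an implementation of IPasswordStore" error in this thread is a symptom of the earlier Trac[loader] "Skipping" line, so this Python 3 sketch rejoins wrapped log records, extracts skipped entry points and any missing shared library, and matches them against the [components] patterns in trac.ini. The function names and the sample strings are constructed for illustration.

```python
import configparser
import fnmatch
import re

# Constructed sample input: the two log records from post #5 (the first one
# wrapped as in the mail) and part of the trac.ini fragment from post #3.
SAMPLE_LOG = """\
2008-05-09 17:35:35,407 Trac[loader] ERROR: Skipping "ldapauth.store =
ldapauth.store": (can't import "libssl.so.0.9.8: cannot open
shared object file: No such file or directory")
2008-05-09 17:36:03,059 Trac[main] ERROR: Cannot find an implementation of the "IPasswordStore" interface named "". Please update the option account-manager.password_store in trac.ini.
"""
SAMPLE_INI = """\
[components]
ldapauth.* = enabled
[account-manager]
password_store = LDAPStore
"""
STAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d+ ")
SKIP = re.compile(r'Trac\[loader\] ERROR: Skipping "(\S+) = (\S+)": \(can\'t import "(.*)"\)')
MISSING_LIB = re.compile(r"^(\S+): cannot open shared object file")

def records(log_text):
    """Rejoin wrapped lines: a new record starts at a timestamp."""
    out = []
    for line in log_text.splitlines():
        if STAMP.match(line) or not out:
            out.append(line.strip())
        else:
            out[-1] += " " + line.strip()
    return out

def skipped_plugins(log_text):
    """Return (module, reason, missing_library_or_None) per skipped entry point."""
    found = []
    for rec in records(log_text):
        m = SKIP.search(rec)
        if m:
            lib = MISSING_LIB.match(m.group(3))
            found.append((m.group(2), m.group(3), lib.group(1) if lib else None))
    return found

def diagnose(ini_text, log_text):
    """List (module, missing_library) for enabled components that never loaded."""
    cfg = configparser.ConfigParser(interpolation=None)  # values may contain %s
    cfg.read_string(ini_text)
    enabled = [k for k, v in cfg["components"].items() if v == "enabled"]
    return [(mod, lib) for mod, _, lib in skipped_plugins(log_text)
            if any(fnmatch.fnmatch(mod, pat) for pat in enabled)]
```

A non-empty result from `diagnose` means the configured store was never registered; the library name it reports is the one to look for with ldd, as suggested in the last reply.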
