funsheep at gmx
Jul 9, 2009, 3:30 PM
Post #1 of 1
(193 views)
Permalink
|
|
Problems with authzpolicy
|
|
Hi,
i'm running a trac 0.11.4 system on an apache2 server. I'm running the
authentification of a user (the login) through a ldap-server and i
wanted to have the trac-permissions checked by the AuthzPolicy. I have
• added the authz_policy field to the trac.ini and a correct path to
an authz.conf file
• i have enabled the plugin (and for testing purposes disabled all
other plugins)
• i have set permission_policies = AuthzPolicy?
• authz_policy.py loaded from authz_policy.py - as stated on the
website
• The trac installation is a fresh one, without editing anything.
Trac was installed with easy_install
• The environment is also a fresh one
• There is a global trac.ini defining the standard
permission_policies among other things
• And there is a environment specific trac.ini overwriting some of
the definitions
My authz.conf looks like:
# vim: syntax=dosini
[groups]
administrator = me
developer = dev1, dev2, dev3
# Match everything else
[*] @administrator = TRAC_ADMIN
anonymous = BLOG_VIEW, BROWSER_VIEW, CHANGESET_VIEW, FILE_VIEW,
LOG_VIEW, MILESTONE_VIEW, REPORT_SQL_VIEW, REPORT_VIEW, ROADMAP_VIEW,
SEARCH_VIEW, TICKET_VIEW, TIMELINE_VIEW, WIKI_VIEW
authenticated = POLL_VOTE, TICKET_APPEND, TICKET_CREATE
@developer = BLOG_CREATE, BLOG_MODIFY_OWN, WIKI_CREATE, WIKI_DELETE,
WIKI_MODIFY, XML_RPC
After reloading the apache i'm not able to see anything but the wiki
(blog plugin is disabled).
After checking the log, i found this entry
2009-07-03 12:50:00,462 Trac[authz_policy] DEBUG: Checking REPORT_VIEW
on
I then added some more debug-lines to the .py file and found that this
self.log.debug('Checking %s on %s (unnormalized)', action, resource)
gives
2009-07-03 12:50:00,461 Trac[authz_policy] DEBUG: Checking SEARCH_VIEW
on None (unnormalized)
And fnmatch between and '*@*' (resource_glob) in line 216 returns false.
Some of the permission checks work (therefore i know that the setup is
ok). From the log
2009-07-03 12:50:00,458 Trac[authz_policy] DEBUG: Checking WIKI_VIEW
on <Resource 'wiki'> (unnormalized)
2009-07-03 12:50:00,458 Trac[authz_policy] DEBUG: Checking WIKI_VIEW
on wiki:*@*
2009-07-03 12:50:00,459 Trac[authz_policy] DEBUG: Resource glob *@*
2009-07-03 12:50:00,459 Trac[authz_policy] DEBUG: fnmatch gives: True
2009-07-03 12:50:00,459 Trac[authz_policy] DEBUG: wiki:*@* matched
section *@* for user me
Did anyone else ran into these problems? Is it because of the ldap
authentification? Or is the authz_policy.py not designed for trac
0.11.4 ?
Best regards,
Hendrik
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Trac Users" group.
To post to this group, send email to trac-users [at] googlegroups
To unsubscribe from this group, send email to trac-users+unsubscribe [at] googlegroups
For more options, visit this group at http://groups.google.com/group/trac-users?hl=en
-~----------~----~----~----~------~----~------~--~---
|
