Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Trac: Users

Trac & Active Directory

 

 

Trac users RSS feed   Index | Next | Previous | View Threaded


mark.cooke at siemens

Jan 28, 2010, 12:33 AM

Post #1 of 4 (1135 views)
Permalink
Trac & Active Directory

Hello list,

I am currently trying to "properly" implement Trac which I have been
championing using tracd from my desktop. I now have a windoze server
and want to authenticate against Active Directory. My current plan is
to use apache and mod_authnz_ldap (or possibly mod_auth_sspi but that
seem to be out of development) to protect and serve the Trac sites.
This I think I can do.

What I am not sure about is: can I remove the need to re-authenticate
into Trac after passing the apache LDAP authentication gauntlet.
~ can Trac pick up the user credentials from apache?
~ even better, can Trac get the user's email address from AD?

I have had a look at Trac-hacks and e.g. LdapPlugin but I don't want to
use LDAP groups for authorisation as my company IT structure would make
that way too much work, especially for the handful of active users that
would need more than default rights.

Most of the web how-tos that I can find seem to stop at getting
apache/AD working and do not talk about the onward like to Trac (or
subversion).


I would have thought this a reasonably common use case so can anyone
point me at the right documentation for setting this up properly?

Many Thanks,

~ Mark C

--
You received this message because you are subscribed to the Google Groups "Trac Users" group.
To post to this group, send email to trac-users [at] googlegroups
To unsubscribe from this group, send email to trac-users+unsubscribe [at] googlegroups
For more options, visit this group at http://groups.google.com/group/trac-users?hl=en.


olemis at gmail

Jan 28, 2010, 5:54 AM

Post #2 of 4 (1099 views)
Permalink
Re: Trac & Active Directory [In reply to]

On Thu, Jan 28, 2010 at 3:33 AM, Cooke, Mark <mark.cooke [at] siemens> wrote:
> Hello list,
>
> I am currently trying to "properly" implement Trac which I have been
> championing using tracd from my desktop.  I now have a windoze server
> and want to authenticate against Active Directory.  My current plan is
> to use apache and mod_authnz_ldap

+1

> What I am not sure about is: can I remove the need to re-authenticate
> into Trac after passing the apache LDAP authentication gauntlet.
>  ~ can Trac pick up the user credentials from apache?

You shouldn't need to re-authenticate. When you login (Basic | Digest
auth isn'it ?). When users type the passw in the auth dialog box
Apache (i.e. mod_authnz_ldap ) provides the user

>  ~ even better, can Trac get the user's email address from AD?
>

Using the right plugin, yes.

> I have had a look at Trac-hacks and e.g. LdapPlugin but I don't want to
> use LDAP groups for authorisation as my company IT structure would make
> that way too much work, especially for the handful of active users that
> would need more than default rights.
>

You can disable the component implementing LDAP groups, and that's it !

> I would have thought this a reasonably common use case so can anyone
> point me at the right documentation for setting this up properly?
>

I mentioned one some time ago, and that question is very frequent in
this list so I think something can be found provided that archive is
working ok

;o)

--
Regards,

Olemis.

Blog ES: http://simelo-es.blogspot.com/
Blog EN: http://simelo-en.blogspot.com/

Featured article:
Mapping `ResourceNotFound`exception to `invalid_request` GViz response
- http://simelo.hg.sourceforge.net/hgweb/simelo/trac-gviz/rev/114c0de27077

--
You received this message because you are subscribed to the Google Groups "Trac Users" group.
To post to this group, send email to trac-users [at] googlegroups
To unsubscribe from this group, send email to trac-users+unsubscribe [at] googlegroups
For more options, visit this group at http://groups.google.com/group/trac-users?hl=en.


john at andrunas

Jan 28, 2010, 11:45 AM

Post #3 of 4 (1096 views)
Permalink
Re: Trac & Active Directory [In reply to]

I have been using apache mod ldap to auth users to Active Directory
for a year now, and it works perfectly, if you set the
smtp_default_domain and are only dealing with one domain, it will
simply append the domain on to the end of the usernames. Auth from
apache ldap gets properly passed to Trac so there is no need to
re-auth.

On Thu, Jan 28, 2010 at 5:54 AM, Olemis Lang <olemis [at] gmail> wrote:
> On Thu, Jan 28, 2010 at 3:33 AM, Cooke, Mark <mark.cooke [at] siemens> wrote:
>> Hello list,
>>
>> I am currently trying to "properly" implement Trac which I have been
>> championing using tracd from my desktop.  I now have a windoze server
>> and want to authenticate against Active Directory.  My current plan is
>> to use apache and mod_authnz_ldap
>
> +1
>
>> What I am not sure about is: can I remove the need to re-authenticate
>> into Trac after passing the apache LDAP authentication gauntlet.
>>  ~ can Trac pick up the user credentials from apache?
>
> You shouldn't need to re-authenticate. When you login (Basic | Digest
> auth isn'it ?). When users type the passw in the auth dialog box
> Apache (i.e. mod_authnz_ldap ) provides the user
>
>>  ~ even better, can Trac get the user's email address from AD?
>>
>
> Using the right plugin, yes.
>
>> I have had a look at Trac-hacks and e.g. LdapPlugin but I don't want to
>> use LDAP groups for authorisation as my company IT structure would make
>> that way too much work, especially for the handful of active users that
>> would need more than default rights.
>>
>
> You can disable the component implementing LDAP groups, and that's it !
>
>> I would have thought this a reasonably common use case so can anyone
>> point me at the right documentation for setting this up properly?
>>
>
> I mentioned one some time ago, and that question is very frequent in
> this list so I think something can be found provided that archive is
> working ok
>
> ;o)
>
> --
> Regards,
>
> Olemis.
>
> Blog ES: http://simelo-es.blogspot.com/
> Blog EN: http://simelo-en.blogspot.com/
>
> Featured article:
> Mapping `ResourceNotFound`exception to `invalid_request` GViz response
>  - http://simelo.hg.sourceforge.net/hgweb/simelo/trac-gviz/rev/114c0de27077
>
> --
> You received this message because you are subscribed to the Google Groups "Trac Users" group.
> To post to this group, send email to trac-users [at] googlegroups
> To unsubscribe from this group, send email to trac-users+unsubscribe [at] googlegroups
> For more options, visit this group at http://groups.google.com/group/trac-users?hl=en.
>
>



--
John

--
You received this message because you are subscribed to the Google Groups "Trac Users" group.
To post to this group, send email to trac-users [at] googlegroups
To unsubscribe from this group, send email to trac-users+unsubscribe [at] googlegroups
For more options, visit this group at http://groups.google.com/group/trac-users?hl=en.


olemis at gmail

Jan 28, 2010, 12:27 PM

Post #4 of 4 (1099 views)
Permalink
Re: Trac & Active Directory [In reply to]

On Thu, Jan 28, 2010 at 2:45 PM, John Andrunas <john [at] andrunas> wrote:
> I have been using apache mod ldap to auth users to Active Directory
> for a year now,

Happy birthday !!!

o<|:o)

--
Regards,

Olemis.

Blog ES: http://simelo-es.blogspot.com/
Blog EN: http://simelo-en.blogspot.com/

Featured article:
Getting username in plugin - Trac Users | Google Groups -
http://feedproxy.google.com/~r/TracGViz-full/~3/w6_z2QpEv08/f20a13a7ccdf79ca

--
You received this message because you are subscribed to the Google Groups "Trac Users" group.
To post to this group, send email to trac-users [at] googlegroups
To unsubscribe from this group, send email to trac-users+unsubscribe [at] googlegroups
For more options, visit this group at http://groups.google.com/group/trac-users?hl=en.

Trac users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.