john at andrunas
Jan 28, 2010, 11:45 AM
Post #3 of 4
I have been using apache mod ldap to auth users to Active Directory
for a year now, and it works perfectly, if you set the
smtp_default_domain and are only dealing with one domain, it will
simply append the domain on to the end of the usernames. Auth from
apache ldap gets properly passed to Trac so there is no need to
On Thu, Jan 28, 2010 at 5:54 AM, Olemis Lang <olemis [at] gmail> wrote:
> On Thu, Jan 28, 2010 at 3:33 AM, Cooke, Mark <mark.cooke [at] siemens> wrote:
>> Hello list,
>> I am currently trying to "properly" implement Trac which I have been
>> championing using tracd from my desktop. I now have a windoze server
>> and want to authenticate against Active Directory. My current plan is
>> to use apache and mod_authnz_ldap
>> What I am not sure about is: can I remove the need to re-authenticate
>> into Trac after passing the apache LDAP authentication gauntlet.
>> ~ can Trac pick up the user credentials from apache?
> You shouldn't need to re-authenticate. When you login (Basic | Digest
> auth isn'it ?). When users type the passw in the auth dialog box
> Apache (i.e. mod_authnz_ldap ) provides the user
>> ~ even better, can Trac get the user's email address from AD?
> Using the right plugin, yes.
>> I have had a look at Trac-hacks and e.g. LdapPlugin but I don't want to
>> use LDAP groups for authorisation as my company IT structure would make
>> that way too much work, especially for the handful of active users that
>> would need more than default rights.
> You can disable the component implementing LDAP groups, and that's it !
>> I would have thought this a reasonably common use case so can anyone
>> point me at the right documentation for setting this up properly?
> I mentioned one some time ago, and that question is very frequent in
> this list so I think something can be found provided that archive is
> working ok
> Blog ES: http://simelo-es.blogspot.com/
> Blog EN: http://simelo-en.blogspot.com/
> Featured article:
> Mapping `ResourceNotFound`exception to `invalid_request` GViz response
> - http://simelo.hg.sourceforge.net/hgweb/simelo/trac-gviz/rev/114c0de27077
> You received this message because you are subscribed to the Google Groups "Trac Users" group.
> To post to this group, send email to trac-users [at] googlegroups
> To unsubscribe from this group, send email to trac-users+unsubscribe [at] googlegroups
> For more options, visit this group at http://groups.google.com/group/trac-users?hl=en.
You received this message because you are subscribed to the Google Groups "Trac Users" group.
To post to this group, send email to trac-users [at] googlegroups
To unsubscribe from this group, send email to trac-users+unsubscribe [at] googlegroups
For more options, visit this group at http://groups.google.com/group/trac-users?hl=en.