In Trac, authentication and permissions are seperate; I'm assuming Apache is handling ldap authentication in your setup.
You should be able to use the standard Trac permissions system to manage permissions for your users. However, as far as I know, permissions in Trac "bubble up"; you can only add additional permissions to the permissions a user receives from the groups they belong to, not revoke them. To get a better idea of what's going on, you can use the permissions section in Web Admin. It lists all the permissions Trac has stored. My guess is that either the group "anonymous" or the group "authenticated" has BROWSER_VIEW, LOG_VIEW, FILE_VIEW, CHANGESET_VIEW and all your users inherit these permissions. In that case, you will have to work the other way - remove these permissions from the large group, and add them to individual users that need source access. If you have a large number of people to handle, you may want to consider the LdapPlugin (http://trac-hacks.org/wiki/LdapPlugin). - Matthew P.S. As a disclaimer, we don't use Apache or Ldap authentication. I'm just going on what I've read. On Feb 13, 5:30 pm, JoeNMDA <[EMAIL PROTECTED]> wrote: > My users authenticate via ldap. Even my external subversion access > (browser based outside of trac) authenticates against ldap. > > I want to restrict certain ldap users from browsing the source, so I > run: > trac-admin myproject permission remove myuser BROWSER_VIEW LOG_VIEW > FILE_VIEW CHANGESET_VIEW > > User myuser can still access the browse source tab and peruse the > source. > > "authz_file" is empty in [trac] inside my trac.ini file. > > Can this be done on an ldap user? > > - Joe --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Trac Users" group. To post to this group, send email to trac-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/trac-users?hl=en -~----------~----~----~----~------~----~------~--~---
