On Mon, Feb 16, 2009 at 12:57:21PM -0500, Olemis Lang wrote:
> 
> On Wed, Feb 11, 2009 at 3:12 AM, Noah Kantrowitz <n...@coderanger.net> wrote:
> > On Feb 5, 2009, at 4:36 AM, nik gaffney wrote:
> >
> >> As it appears there are several plugins to use LDAP authentication
> >> with
> >> the Account Manager plugin, I have tried 'TracLDAPAuth' and
> >> 'LdapAuthStore' and couldn't get either to work with the registration
> >> interface.
> >
> > The LDAP auth plugin doesn't support modification, nor do I plan to
> > add that. The general use case for LDAP is hooking in to an existing,
> > large company infrastructure. In this case you would already have a
> > procedure and tools for adding/modifying accounts. I don't think it
> > makes sense to try to build these tools into Trac when the whole point
> > is to allow you to use your existing ones.
> >
> 
> +1 ... this is exactly the idea and Trac admins should not be
> responsible for managing users in LDAP (e.g. MSAD ...) dirs ... if
> there is a central LDAP server, then there should be an admin. If you
> still need to do something like this you (or someone else ... ;) may
> write your own registration module to either:
> 
> - Modify data in the LDAP dir directly ... (not recommended IMO ...
> but anyway, it's up to you ;)
> 
> - Notify the MSAD admin (or another external tool ...) of the fact
> that a new user should be added ... and delegate this task to this
> «external actor» ...
> 
> You can also consider the use of specific LDAP admin tools ... or any
> other third party tool ... outside the Trac site ... ;)
> 
> -- 
> Regards,
> 
> Olemis.

We have been thinking about this in-house as well, as we have several projects 
that are OSS (so anyone should be able to register) but will have SVN 
committers and members of other privilege that will have LDAP accounts.  I was 
thinking of a layered scheme for this:

 * allow registration TTW for anyone

 * for auth, check LDAP first; if no such account, then validate against (e.g.) 
an .htpasswd file which will contain registered accounts

 * create tools to allow easy migration from TTW registered users to LDAP users

We're still in the thinking and planning stage on this one, but I'd be happy to 
make such tools available when they're ready (or for that matter, use someone 
else's tools if they've already solved this problem).

Jeff
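
An added example, not part of the original message and not code from Trac or any of its plugins: a sketch of the layered scheme above in which the directory is authoritative for every name it holds, so a failed LDAP bind never falls through to the locally registered accounts. `DirectoryStub`, `LocalStore` and `LayeredAuth` are hypothetical names; the stub stands in for a real LDAP search and bind, and the local store uses salted PBKDF2 as a stand-in for the .htpasswd file.

```python
import hashlib, hmac, os

class DirectoryStub:
    """Stand-in for LDAP search + bind; makes no real LDAP calls."""
    def __init__(self, accounts):
        self._accounts = accounts            # constructed sample data
    def exists(self, user):
        return user in self._accounts
    def bind(self, user, password):
        stored = self._accounts.get(user)
        return stored is not None and hmac.compare_digest(stored.encode(), password.encode())

class LocalStore:
    """Stand-in for the file of web-registered accounts (salted PBKDF2)."""
    def __init__(self):
        self._users = {}
    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    def exists(self, user):
        return user in self._users
    def add(self, user, password):
        salt = os.urandom(16)
        self._users[user] = (salt, self._kdf(password, salt))
    def check(self, user, password):
        if user not in self._users:
            return False
        salt, digest = self._users[user]
        return hmac.compare_digest(digest, self._kdf(password, salt))
    def remove(self, user):
        return self._users.pop(user, None) is not None

class LayeredAuth:
    def __init__(self, directory, local):
        self.directory, self.local = directory, local
    def register(self, user, password):
        # Web registration may never claim a name the directory already holds.
        if self.directory.exists(user) or self.local.exists(user):
            return False
        self.local.add(user, password)
        return True
    def authenticate(self, user, password):
        # Directory names are authoritative: a failed bind does not fall through.
        if self.directory.exists(user):
            return self.directory.bind(user, password)
        return self.local.check(user, password)
    def migrate(self, user):
        # Once the directory holds the account, drop the stale local copy.
        return self.directory.exists(user) and self.local.remove(user)
```
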
