Very helpful. I did add my membership to the group "neededGroup".
Subject:
Group:
Add a user or group to an existing permission group.
PermissionsSubjectActionanonymous FILE_VIEW SEARCH_VIEW WIKI_VIEW
authenticated TICKET_CREATE TICKET_MODIFY WIKI_CREATE WIKI_MODIFY .
neededGroup BROWSER_VIEW TRAC_ADMIN
scracraftEMAIL_VIEW TRAC_ADMIN Group
MembershipGroupSubjectneededGroup scracraft
And with this set of permissions, it does let me have browse even though I
am not
a trac_admin, which is desired.
But, even more desirable is not having to add my name to the neededGroup
membership
list at all. I.e. it would know my name is part of the neededGroup list in
LDAP.
Is that possible with TRAC? We want to minimize maintenance overhead and
administration chores.
On Wednesday, October 30, 2013 2:22:41 PM UTC-7, Matthew Caron wrote:
> I don't know what "browser" button to which you refer, but looking at my
> config, there's a "BROWSER_VIEW" permission that we give to anonymous.
> Perhaps neededgroup needs to have BROWSER_VIEW (assuming that's the
> correct permission for what the "browser" functionality of which you
> speak).
>
> On 10/30/2013 04:44 PM, Stuart Cracraft wrote:
> > I think so. Here's what TRAC_ADMIN sees on the permissions screen:
> >
> >
> > Permissions
> >
> > Subject Action
> > anonymous FILE_VIEW SEARCH_VIEW WIKI_VIEW
> > authenticated TICKET_CREATE TICKET_MODIFY WIKI_CREATE WIKI_MODIFY
> >
> > neededgroup BROWSER_VIEW TRAC_ADMIN
> > scracraft EMAIL_VIEW TRAC_ADMIN
> >
> >
> > Group Membership
> >
> > Group Subject
> >
> > No group memberships
> >
> > "id" on the Linux boxes shows I belong to neededgroup.
> >
> > Yet, when I delete TRAC_ADMIN for myself (scracraft) and login without
> >
> > it, I have no browser button.
> >
> > That's the core of the problem.
> >
> >
> > On Wednesday, October 30, 2013 1:23:42 PM UTC-7, Stuart Cracraft wrote:
> >
> > // The issue is LDAP logs in but even though I am
> > // a member of a group, I don't have browse capability.
> > // All we want is to be assign or deassign browse
> > // capability for specific groups to specific subversion
> > // directories.
> > // That's all. Obviously I am completely blind.
> > # -*- coding: utf-8 -*-
> >
> > [account-manager]
> >
> > account_changes_notify_addresses =
> >
> > [attachment]
> >
> > max_size = 262144
> >
> > max_zip_size = 2097152
> >
> > render_unsafe_content = false
> >
> > [browser]
> >
> > color_scale = True
> >
> > downloadable_paths = /trunk, /branches/*, /tags/*
> >
> > hide_properties = svk:merge
> >
> > intermediate_color =
> >
> > intermediate_point =
> >
> > newest_color = (255, 136, 136)
> >
> > oldest_color = (136, 136, 255)
> >
> > oneliner_properties = trac:summary
> >
> > render_unsafe_content = false
> >
> > wiki_properties = trac:description
> >
> > [changeset]
> >
> > max_diff_bytes = 10000000
> >
> > max_diff_files = 0
> >
> > wiki_format_messages = true
> >
> > [components]
> >
> > ldapplugin.* = enabled
> >
> > ldapplugin.api.ldappermissiongroupprovider = enabled
> >
> > trac.versioncontrol.api.repositorymanager = enabled
> >
> > trac.versioncontrol.svn_authz.svnauthzoptions = enabled
> >
> > trac.versioncontrol.svn_fs.subversionconnector = enabled
> >
> > trac.versioncontrol.svn_prop.subversionmergepropertydiffrenderer =
> > enabled
> >
> > trac.versioncontrol.svn_prop.subversionmergepropertyrenderer =
> enabled
> >
> > trac.versioncontrol.svn_prop.subversionpropertyrenderer = enabled
> >
> > tracopt.versioncontrol.svn.* = enabled
> >
> > [header_logo]
> >
> > height = -1
> >
> > link =
> >
> > src = logo_mtg.png
> >
> > width = -1
> >
> > [inherit]
> >
> > htdocs_dir =
> >
> > plugins_dir =
> >
> > templates_dir =
> >
> > [ldap]
> >
> > enable = true
> >
> > use_tls = false
> >
> > host = 10.201.99.9
> >
> > port = 389
> >
> > basedn = cn=Users,dc=ourcompany,dc=com
> >
> > bind_passwd = "ourbindpassword"
> >
> > bind_user = "ourbinduser"
> >
> > cache_size = 100
> >
> > cache_ttl = 900
> >
> > global_perms = false
> >
> > group_bind = false
> >
> > group_rdn = ou=groups
> >
> > groupattr = cn
> >
> > groupmember = member
> >
> > groupmemberisdn = false
> >
> > #groupname = group
> >
> > #groupname = @mtg-sol
> >
> > groupname = mtg-sol
> >
> > manage_groups = true
> >
> > permattr = tracperm
> >
> > permfilter = objectclass=*
> >
> > store_bind = false
> >
> > user_class = user
> >
> > user_name_attr = sAMAccountName
> >
> > user_rdn =
> >
> > [logging]
> >
> > log_file = trac.log
> >
> > log_level = DEBUG
> >
> > log_type = file
> >
> > [milestone]
> >
> > stats_provider = DefaultTicketGroupStatsProvider
> >
> > [mimeviewer]
> >
> > max_preview_size = 262144
> >
> > mime_map = text/x-dylan:dylan, text/x-idl:ice, text/x-ada:ads:adb
> >
> > mime_map_patterns = text/plain:README|INSTALL|COPYING.*
> >
> > tab_width = 8
> >
> > treat_as_binary = application/octet-stream, application/pdf,
> > application/postscript, application/msword,application/rtf,
> >
> > [notification]
> >
> > admit_domains =
> >
> > always_notify_owner = false
> >
> > always_notify_reporter = false
> >
> > always_notify_updater = true
> >
> > ambiguous_char_width = single
> >
> > batch_subject_template = $prefix Batch modify: $tickets_descr
> >
> > email_sender = SmtpEmailSender
> >
> > ignore_domains =
> >
> > mime_encoding = none
> >
> > sendmail_path = sendmail
> >
> > smtp_always_bcc =
> >
> > smtp_always_cc =
> >
> > smtp_default_domain =
> >
> > smtp_enabled = false
> >
> > smtp_from = trac@localhost
> >
> > smtp_from_author = false
> >
> > smtp_from_name =
> >
> > smtp_password =
> >
> > smtp_port = 25
> >
> > smtp_replyto = trac@localhost
> >
> > smtp_server = localhost
> >
> > smtp_subject_prefix = __default__
> >
> > smtp_user =
> >
> > ticket_subject_template = $prefix #$ticket.id <http://ticket.id>:
> > $summary
> >
> > use_public_cc = false
> >
> > use_short_addr = false
> >
> > use_tls = false
> >
> > [project]
> >
> > admin =
> >
> > admin_trac_url = .
> >
> > descr = Our Company
> >
> > footer = Visit the Trac open source project at<br /><a
> > href="_http://trac.edgewall.org/_
> > <http://trac.edgewall.org/>">_http://trac.edgewall.org/</a_
> > <http://trac.edgewall.org/%3c/a>>
> >
> > icon = common/trac.ico
> >
> > name = MTG
> >
> > url =
> >
> > [query]
> >
> > default_anonymous_query = status!=closed&cc~=$USER
> >
> > default_query = status!=closed&owner=$USER
> >
> > items_per_page = 100
> >
> > ticketlink_query = ?status=!closed
> >
> > [report]
> >
> > items_per_page = 100
> >
> > items_per_page_rss = 0
> >
> > [revisionlog]
> >
> > default_log_limit = 100
> >
> > graph_colors = ['#cc0', '#0c0', '#0cc', '#00c', '#c0c', '#c00']
> >
> > [roadmap]
> >
> > stats_provider = DefaultTicketGroupStatsProvider
> >
> > [search]
> >
> > min_query_length = 3
> >
> > [ticket]
> >
> > default_cc =
> >
> > default_component =
> >
> > default_description =
> >
> > default_keywords =
> >
> > default_milestone =
> >
> > default_owner = < default >
> >
> > default_priority = major
> >
> > default_resolution = fixed
> >
> > default_severity =
> >
> > default_summary =
> >
> > default_type = defect
> >
> > default_version =
> >
> > max_comment_size = 262144
> >
> > max_description_size = 262144
> >
> > preserve_newlines = default
> >
> > restrict_owner = false
> >
> > workflow = ConfigurableTicketWorkflow
> >
> > [ticket-workflow]
> >
> > accept = new,assigned,accepted,reopened -> accepted
> >
> > accept.operations = set_owner_to_self
> >
> > accept.permissions = TICKET_MODIFY
> >
> > leave = * -> *
> >
> > leave.default = 1
> >
> > leave.operations = leave_status
> >
> > reassign = new,assigned,accepted,reopened -> assigned
> >
> > reassign.operations = set_owner
> >
> > reassign.permissions = TICKET_MODIFY
> >
> > reopen = closed -> reopened
> >
> > reopen.operations = del_resolution
> >
> > reopen.permissions = TICKET_CREATE
> >
> > resolve = new,assigned,accepted,reopened -> closed
> >
> > resolve.operations = set_resolution
> >
> > resolve.permissions = TICKET_MODIFY
> >
> > [timeline]
> >
> > abbreviated_messages = True
> >
> > changeset_collapse_events = false
> >
> > changeset_long_messages = false
> >
> > changeset_show_files = 0
> >
> > default_daysback = 30
> >
> > max_daysback = 90
> >
> > newticket_formatter = oneliner
> >
> > ticket_show_details = false
> >
> > [trac]
> >
> > authz_file =
> >
> > authz_module_name =
> >
> > auto_preview_timeout = 2.0
> >
> > auto_reload = False
> >
> > backup_dir = db
> >
> > base_url =
> >
> > database = postgres://tracuser:tracuserpwd@localhost/trac
> >
> > debug_sql = False
> >
> > default_charset = utf-8
> >
> > default_date_format =
> >
> > default_dateinfo_format = relative
> >
> > default_handler = WikiModule
> >
> > default_language =
> >
> > default_timezone =
> >
> > genshi_cache_size = 128
> >
> > htdocs_location =
> >
> > jquery_location =
> >
> > jquery_ui_location =
> >
> > jquery_ui_theme_location =
> >
> > mainnav = wiki, timeline, roadmap, browser, tickets, newticket,
> search
> >
> > metanav = login, logout, prefs, help, about
> >
> > mysqldump_path = mysqldump
> >
> > never_obfuscate_mailto = false
> >
> > permission_policies = DefaultPermissionPolicy,
> LegacyAttachmentPolicy
> >
> > permission_store = DefaultPermissionStore
> >
> > pg_dump_path = pg_dump
> >
> > repository_sync_per_request = mtg
> >
> > resizable_textareas = true
> >
> > secure_cookies = False
> >
> > show_email_addresses = false
> >
> > show_ip_addresses = false
> >
> > timeout = 20
> >
> > use_base_url_for_redirect = False
> >
> > use_xsendfile = false
> >
> > [versioncontrol]
> >
> > allowed_repository_dir_prefixes = /u01/svn
> >
> > [wiki]
> >
> > ignore_missing_pages = false
> >
> > max_size = 262144
> >
> > render_unsafe_content = false
> >
> > safe_schemes = cvs, file, ftp, git, irc, http, https, news, sftp,
> > smb, ssh, svn, svn+ssh
> >
> > split_page_names = false
> >
> > --
> > You received this message because you are subscribed to the Google
> > Groups "Trac Users" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> > an email to [email protected] <javascript:>.
> > To post to this group, send email to
> > [email protected]<javascript:>.
>
> > Visit this group at http://groups.google.com/group/trac-users.
> > For more options, visit https://groups.google.com/groups/opt_out.
>
> --
> Matthew Caron, Software Build Engineer
> Red Lion Controls | www.redlion.net
> +1 (518) 877-5173 x138 office
>
--
You received this message because you are subscribed to the Google Groups "Trac
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/trac-users.
For more options, visit https://groups.google.com/groups/opt_out.
