Ideally, validate only certain groups for access to certain repositories. I've tried all manner of variations on the trac.conf and none do anything even approaching that. I either get all blocked or all allowed.
I dumped the ldap directory with ldapsearch and tried various groups which included or excluded me in the above experiment, to no avail. On Monday, December 2, 2013 2:09:18 PM UTC-8, Dimitri Maziuk wrote: > On 12/02/2013 03:16 PM, Stuart Cracraft wrote: > > > > Trouble with implementing LDAP groups with TRAC. > > > > Just doesn’t work for me so far. > > You need to ask whoever's in charge of your LDAP server. We don't know > what it has or what it needs. > > > AuthLDAPURL " > > > ldap://EXAMPLEIP/ou=SOMEOU,dc=examplecompany,dc=com?sAMAccountName?sub?(objectClass=user > > > > )" > > Are you sure you need the filter? > > > AuthLDAPBindDN "EXAMPLEUSER" > > AuthLDAPBindPassword "EXAMPLEPASSWORD" > > Does your LDAP server support anonymous bind? Typically if you need the > above, your bind DN looks like "cn=Manager,dc=company,..." > > > require ldap-group CN=SOMEOU,CN=Users,DC=examplecompany,DC=com > > Require ldap-attribute > > memberOf="CN=SOMECN,CN=Users,DC=examplecompany,DC=com" > > I think you're looking for ou=Group or something in the first one and > I've no idea what the second one is for. > > http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html#reqgroup > > -- > Dimitri Maziuk > Programmer/sysadmin > BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu > > -- You received this message because you are subscribed to the Google Groups "Trac Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/trac-users. For more options, visit https://groups.google.com/groups/opt_out.
