> -----Original Message----- > From: [email protected] [mailto:[email protected]] On > Behalf Of RjOllos > > On Tuesday, June 2, 2015 at 9:23:58 AM UTC-7, RjOllos wrote: > > On Tue, Jun 2, 2015 at 11:17 AM, Josh Santangelo <[email protected]> > wrote: > > I made the "Error with navigation contributor AccountModuleā€¯ go > away by disabling acct_mgr.web_ui.accountmodule. > > > This brings up a related question I've had about using LDAP through > Apache, rather than using LdapPlugin and LdapAuthStorePlugin. My earlier > question that I haven't determined the answer to is whether it is possible to > populate the session info such as name and email address from the LDAP data > store when using an Apache LDAP configuration. Similarly, does > AccountManagerPlugin have any useful function if using LDAP through Apache? > > > - Ryan > > Hello Mark, > > I read through this thread again and spotted a statement by you that I had > previously overlooked, > > > What this does is pass the user info through to Trac in the session info > (based on the parameters specified in the LDAP URL which can include the > user's email). > > I currently have an AuthLDAPURL that ends in the following. > > /ou=<GroupName>,dc=<domain>,dc=com?sAMAccountName
Sorry for slightly misleading you, it is a while since I set this up here. There are two parts to this (a) getting the data back from LDAP and (b) getting Trac to use that data... For (a) you can edit your LDAPURL to something like: ...DC=net?sAMAccountName,mail?sub?(objectClass=*) i.e. you can specify a comma-separated list of attributes. Authentication relies only on the first specified item (e.g. sAMAccountName usually) but I found that mod_wsgi passes all retrieved attributes through to the python app (see #1 for some test code): AUTHENTICATE_MAIL: '[email protected]' AUTHENTICATE_SAMACCOUNTNAME: 'my-user-id' ...i.e. the attributes are available as AUTHENTICATE_<ATTR> I have not solved (b) as I was not confident to hack into the Trac code but I do not think it would be too difficult to check for the presence of these WSGI session values in the relevant place (I think they all started WSGI_ but will have to have another look). Note that simply logging in is not usually enough to get the session data updated ~ I have a local macro to list "authenticated" users and people do not tend to appear until they have "done something" like edit a wiki page. If I get some time I will try to poke at this again as it would be useful for me too. Any pointers of where to look in Trac source would be appreciated! ~ Mark C [1] https://code.google.com/p/modwsgi/wiki/DebuggingTechniques#Displaying_Request_Environment > Could you give an example of how I would modify this to pull the user name > and email address from LDAP to populate the session? Will the session info be > populated and saved on every successful authentication? What I mean is, with > the proper AuthLDAPURL, if I clear the username and email from the /prefs > page, close the browser and authenticate again, should the username and email > be immediately populated? > > > Thanks, > - Ryan > > > -- > You received this message because you are subscribed to the Google Groups > "Trac Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at http://groups.google.com/group/trac-users. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Trac Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/trac-users. For more options, visit https://groups.google.com/d/optout.
