On Tuesday, June 2, 2015 at 11:07:45 PM UTC-7, Cooke, Mark wrote: > > Sorry for slightly misleading you, it is a while since I set this up here. > > There are two parts to this (a) getting the data back from LDAP and > (b) getting Trac to use that data... > > For (a) you can edit your LDAPURL to something like: > > ...DC=net?sAMAccountName,mail?sub?(objectClass=*) > > i.e. you can specify a comma-separated list of attributes. Authentication > relies only on the first specified item (e.g. sAMAccountName usually) but > I > found that mod_wsgi passes all retrieved attributes through to the python > app (see #1 for some test code): > > AUTHENTICATE_MAIL: '[email protected] <javascript:>' > AUTHENTICATE_SAMACCOUNTNAME: 'my-user-id' > > ...i.e. the attributes are available as AUTHENTICATE_<ATTR> >
Nice. You might find TracDeveloperPlugin useful as well. https://trac-hacks.org/wiki/TracDeveloperPlugin Here is a view showing inspection of req.environ: > > <https://lh3.googleusercontent.com/-jEAoy2RUC6Y/VW92PB7B1JI/AAAAAAAACH8/ic8utJs6wPU/s1600/req.environ.png> > I have not solved (b) as I was not confident to hack into the Trac code > but > I do not think it would be too difficult to check for the presence of > these > WSGI session values in the relevant place (I think they all started WSGI_ > but will have to have another look). > > Note that simply logging in is not usually enough to get the session data > updated ~ I have a local macro to list "authenticated" users and people do > not tend to appear until they have "done something" like edit a wiki page. > > If I get some time I will try to poke at this again as it would be useful > for me too. Any pointers of where to look in Trac source would be > appreciated! > The discussion here might be helpful: https://trac-hacks.org/ticket/12302#comment:5 Maybe we can grab and save the values in LoginModule. I'd have to investigate further to be more confident. http://trac.edgewall.org/browser/tags/trac-1.1.5/trac/web/auth.py#L39 It looks like there is an open ticket for this. I'd like to get this resolved for Trac 1.2: trac.edgewall.org/ticket/7371 I'd also like to write a new TracApache page and consolidate the information on configuring Trac with Apache. LDAP specific configuration info would be included. I'd like to get this included in the Trac 1.2 release and have examples for Apache 2.4 in addition to Apache 2.2. - Ryan -- You received this message because you are subscribed to the Google Groups "Trac Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/trac-users. For more options, visit https://groups.google.com/d/optout.
