> On Tuesday, June 2, 2015 at 11:07:45 PM UTC-7, Cooke, Mark wrote: > > > Sorry for slightly misleading you, it is a while since I set this up > > here. > > > > There are two parts to this (a) getting the data back from LDAP and > > (b) getting Trac to use that data... > > > > For (a) you can edit your LDAPURL to something like: > > > > ...DC=net?sAMAccountName,mail?sub?(objectClass=*) > > > > i.e. you can specify a comma-separated list of attributes. > > Authentication elies only on the first specified item > > (e.g. sAMAccountName usually) but I found that mod_wsgi passes all > > retrieved attributes through to the python app (see #1 for some > > test code): > > > > AUTHENTICATE_MAIL: '[email protected] <javascript:> ' > > AUTHENTICATE_SAMACCOUNTNAME: 'my-user-id' > > > > ...i.e. the attributes are available as AUTHENTICATE_<ATTR> > > > -----Original Message----- > From: RjOllos [mailto:[email protected]] > Sent: 03 June 2015 22:58 > > Nice. You might find TracDeveloperPlugin useful as well. > https://trac-hacks.org/wiki/TracDeveloperPlugin
Wow, that looks great! I will try that out. > > I have not solved (b) as I was not confident to hack into the Trac > > code but I do not think it would be too difficult to check for the > > presence of these WSGI session values in the relevant place (I think > > they all started WSGI_ but will have to have another look). > > > > Note that simply logging in is not usually enough to get the session > > data updated ~ I have a local macro to list "authenticated" users and > > people do not tend to appear until they have "done something" like > > edit a wiki page. > > > > If I get some time I will try to poke at this again as it would be > > useful for me too. Any pointers of where to look in Trac source > > would be appreciated! > > > The discussion here might be helpful: > https://trac-hacks.org/ticket/12302#comment:5 Thanks... > Maybe we can grab and save the values in LoginModule. I'd have to investigate > further to be more confident. > http://trac.edgewall.org/browser/tags/trac-1.1.5/trac/web/auth.py#L39 But I believe that my setup does not use the login module at all, all authentication is done by httpd. I certainly never use the "login" address... > It looks like there is an open ticket for this. I'd like to get this resolved > for Trac 1.2: > trac.edgewall.org/ticket/7371 That looks exactly like what I was suggesting! I will try to look at his patch for my setup and get back to you. > I'd also like to write a new TracApache page and consolidate the information > on configuring Trac with Apache. LDAP specific configuration info would be > included. I'd like to get this included in the Trac 1.2 release and have > examples for Apache 2.4 in addition to Apache 2.2. I could probably contribute to that too, let me know... > - Ryan > -- You received this message because you are subscribed to the Google Groups "Trac Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/trac-users. For more options, visit https://groups.google.com/d/optout.
