Hi, Something important to remember is that with the default setup: * Apache (or another web server) manages the authentication (user/passwd is valid) * Trac manages the permission (whether an authenticated user can perform a kind of action)
You can use SSPI to authenticate users w/ Apache. Nevertheless, pleae search for SSPI in Trac ticket database, as there are known issues with Trac+SSPI+IE browsers which are yet to be solved, AFAICT. An alternative authentication scheme can be used, see http://trac-hacks.org/wiki/AuthFormPlugin. In such a case, authentication is not performed by the web server anymore, but by the Trac plugin, which may leverage the SSPI issue (to be checked, I think the SSPI issue is partially due to the HTTP authentication scheme) LdapPlugin does not perform authentication - although it is usually combined with mod_auth_ldap, so that the same LDAP directory is used by Apache to perform authentication -, only group resolution. It also acts as a permission store as well so that the permissions are stored in the LDAP directory instead of the Trac DB, which is nice to share permission among several Trac projects, for example. I don't know whether it is possible to add permissions through SSPI, but it would require to write a dedicated plugin. AFAIK, ActiveDirectory is some kind of LDAP directory, so it might be possible to tweak the LdapPlugin to use it against an ActiveDirectory. HTH, Manu On 5/31/06, Bhuvan <[EMAIL PROTECTED]> wrote:
I'm a novice user of Trac (Just started experimenting with trac implementation two weeks back). I'm using trac 0.9.5. I was going through the documentation of LDAP plugin (http://trac-hacks.org/wiki/LdapPlugin) and was curious whether we can achieve the same functionality with SSPI authentication using mod_auth_sspi. I would like configure different permission levels for different active directory groups, like "Application Development" will be able to close tickets, valid_users can submit tickets, and so on ... this way i can apply Is there any way to do this? Thanks in advance .. Bhuvan _______________________________________________ Trac mailing list [email protected] http://lists.edgewall.com/mailman/listinfo/trac
-- Manu _______________________________________________ Trac mailing list [email protected] http://lists.edgewall.com/mailman/listinfo/trac
