Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <LocationMatch "/trac/[^/]+/login">
- AuthType Kerberos
- AuthName Trac
- KrbServiceName HTTP/intranet.domain.com
- KrbMethodNegotiate On
- KrbMethodK5Passwd On
- KrbAuthRealms DOMAIN.COM
- Krb5KeyTab /etc/httpd/conf/intranet.keytab
- AuthzLDAPAuthoritative off
- require valid-user
- Options Indexes MultiViews FollowSymLinks
- AllowOverride All
- Order allow,deny
- Allow from all
- SetOutputFilter DEFLATE
- </LocationMatch>
- [root@hero plugins]# cat ../conf/trac.ini
- [components]
- ldapplugin.* = enabled
- [notification]
- always_notify_owner = true
- always_notify_reporter = true
- always_notify_updater = true
- mime_encoding = base64
- smtp_always_bcc =
- smtp_always_cc = sharif.uddin@domain.com
- smtp_default_domain = domain.com
- smtp_enabled = true
- smtp_from = trac@domain.com
- smtp_password =
- smtp_port = 25
- smtp_replyto = support@domain.com
- smtp_server = hero.uk.domain.com
- smtp_subject_prefix = __default__
- smtp_user =
- use_public_cc = false
- use_short_addr = false
- use_tls = false
- #ignore_domain= domain.com
- [ldap]
- global_perms = true
- enable = true
- use_tls = false
- host = echo
- port = 389
- basedn = dc=domain,dc=com
- # Relative DN for users (defaults to none)
- user_rdn = ou=TechSupport,ou=Woking,ou=Sites
- # Relative DN for group of names (defaults to none)
- group_rdn = cn=users
- # objectclass for groups
- #groupname = groupofnames
- # dn entry in a groupname
- #groupmember = member
- # attribute name for a group
- #groupattr = cn
- # attribute name for a user
- #user_name_attr = uid
- # objectclass for user ; customize to your needs
- #user_class = sambaSamAccount
- # attribute name to store trac permission
- #permattr = tracperm
- # filter to search for dn with 'permattr' attributes
- #permfilter = objectclass=*
- # time, in seconds, before a cached entry is purged out of the local cache.
- #cache_ttl = 900
- # maximum number of entries in the cache
- #cache_size = 100
- # whether to perform an authenticated bind for group resolution
- #group_bind = false
- # whether to perform an authenticated bind for permision store operations
- store_bind = true
- # user for authenticated connection to the LDAP directory
- bind_user = cn=administrator,cn=users,dc=domain,dc=com
- # password for authenticated connection
- bind_passwd = ********
- # global permissions (vs. per-environment permissions)
- #global_perms = false
- # group permissions are managed as addition/removal to the LDAP directory groups
- #manage_groups = true
- # whether a group member contains the full dn or a simple uid
- #groupmemberisdn = true
- [trac]
- permission_store = LdapPermissionStore
- [Mon Dec 02 14:13:33 2013] [warn] [client 172.16.0.85] [19659] auth_ldap authenticate: user sharifu authentication failed; URI /trac/paradox/login [ldap_search_ext_s() for user failed][Operations error], referer: http://intranet/trac/paradox/
- <LocationMatch "/trac/[^/]+/login">
- AuthType Basic
- AuthName Trac
- AuthBasicProvider ldap
- Order allow,deny
- Allow from all
- AuthLDAPURL "ldap://echo:389/dc=domain,dc=com?uid"
- AuthzLDAPAuthoritative on
- require valid-user
- # Options Indexes MultiViews FollowSymLinks
- # AllowOverride All
- # SetOutputFilter DEFLATE
- </LocationMatch>
- <LocationMatch "/trac/[^/]+/login">
- AuthType Basic
- AuthName Trac
- AuthBasicProvider ldap
- Order allow,deny
- Allow from all
- AuthLDAPURL "ldap://echo.uk.domain.com akutan.usa.domain.com/ou=Sites,dc=domain,dc=com?sAMAccountName"
- AuthLDAPBindDN cn=Administrator,cn=Users,dc=domain,dc=com
- AuthLDAPBindPassword **********
- AuthzLDAPAuthoritative off
- require valid-user
- </LocationMatch>
- [root@hero trac]# trac-admin paradox permission list
- User Action
- --------------------------------
- @Administrators TRAC_ADMIN
- anonymous CHANGESET_VIEW
- anonymous FILE_VIEW
- anonymous LOG_VIEW
- anonymous MILESTONE_VIEW
- anonymous REPORT_SQL_VIEW
- anonymous REPORT_VIEW
- anonymous ROADMAP_VIEW
- anonymous SEARCH_VIEW
- anonymous TICKET_VIEW
- anonymous TIMELINE_VIEW
- anonymous WIKI_VIEW
- Available actions:
- BROWSER_VIEW, CHANGESET_VIEW, CONFIG_VIEW, FILE_VIEW, LOG_VIEW,
- MILESTONE_ADMIN, MILESTONE_CREATE, MILESTONE_DELETE, MILESTONE_MODIFY,
- MILESTONE_VIEW, REPORT_ADMIN, REPORT_CREATE, REPORT_DELETE, REPORT_MODIFY,
- REPORT_SQL_VIEW, REPORT_VIEW, ROADMAP_ADMIN, ROADMAP_VIEW, SEARCH_VIEW,
- TICKET_ADMIN, TICKET_APPEND, TICKET_CHGPROP, TICKET_CREATE, TICKET_MODIFY,
- TICKET_VIEW, TIMELINE_VIEW, TRAC_ADMIN, WIKI_ADMIN, WIKI_CREATE,
- WIKI_DELETE, WIKI_MODIFY, WIKI_VIEW
- Trac[paradox:api] ERROR: LDAP error: Operations error
- Trac[paradox:api] ERROR: LDAP error: Operations error
- Trac[paradox:api] DEBUG: Updating wiki page index
- [notification]
- always_notify_owner = true
- always_notify_reporter = true
- always_notify_updater = true
- mime_encoding = base64
- smtp_always_bcc =
- smtp_always_cc = sharif.uddin@domain.com
- smtp_default_domain = domain.com
- smtp_enabled = true
- smtp_from = trac@domain.com
- smtp_password =
- smtp_port = 25
- smtp_replyto = support@domain.com
- smtp_server = hero.uk.domain.com
- smtp_subject_prefix = __default__
- smtp_user =
- use_public_cc = false
- use_short_addr = false
- use_tls = false
- #ignore_domains = domain.com
- [ldap]
- enable = true
- host = echo
- basedn = dc=domain,dc=com
- user_rdn = ou=Sites,dc=domain,dc=com
- group_rdn = cn=Users,dc=domain,dc=com
- store_bind = true
- bind_user = Administrator@domain.com
- bind_passwd = ******
- [trac]
- permission_store = LdapPermissionStore
- [logging]
- #log_file = /var/log/trac.log
- log_format = Trac[$(basename)s:$(module)s] $(levelname)s: $(message)s
- #log_level = DEBUG
- #log_type = file
- [components]
- webadmin.* = enabled
- ldapplugin.* = enabled
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement