Modify ↓
Opened 19 years ago
Closed 19 years ago
#286 closed defect (fixed)
Revision 615 does not properly handle LDAP groups with a dash
Reported by: | Owned by: | Emmanuel Blot | |
---|---|---|---|
Priority: | normal | Component: | LdapPlugin |
Severity: | major | Keywords: | |
Cc: | Trac Release: | 0.10 |
Description
After following all of the steps required to install/configure the plugin for Trac 0.9.4 (rev 615 of the plugin) I found that groups with a dash in them will not work for permissions.
Apache 2.0.x does not have issues with this, just the plugin.
Example groups (ldif format):
description: Access to Trac Administration features dn: cn=trac-admins,ou=groups,o=whyaskwhy objectClass: posixGroup objectClass: top cn: trac-admins gidNumber: 309 memberUid: uid=myuser,ou=people,o=whyaskwhy
description: Testing LDAP plugin for trac dn: cn=testing,ou=groups,o=whyaskwhy objectClass: posixGroup objectClass: top cn: testing gidNumber: 310 memberUid: uid=myuser,ou=people,o=whyaskwhy
Here is the ldap section of my trac.ini file:
[components] ldapplugin.* = enabled # http://trac-hacks.org/wiki/LdapPlugin [ldap] # enable LDAP support for Trac enable = true # LDAP directory host host = localhost # LDAP directory port port = 389 # BaseDN basedn = o=whyaskwhy # BaseDN for users (defaults to basedn) user_basedn = ou=people,o=whyaskwhy # BaseDN for group of names (defaults to basedn) group_basedn = ou=groups,o=whyaskwhy # objectclass for groups groupname = posixGroup # dn entry in a groupname groupmember = memberUid # attribute name for a group groupattr = cn # attribute name for a user uidattr = uid # attribute name to store trac permission permattr = tracperm # filter to search for dn with 'permattr' attributes permfilter = objectclass=* # time, in seconds, before a cached entry is purged out of the local cache. cache_ttl = 900 # maximum number of entries in the cache cache_size = 100 # whether to perform an authenticated bind for group resolution group_bind = true # user for authenticated group bind group_user = uid=trac.binduser,ou=bind-accounts # password for authenticated group bind group_passwd = PASSWORD # whether to perform an authenticated bind for permision store operations store_bind = false # user for authenticated store bind store_user = # password for authenticated store bind store_passwd = # global permissions (vs. per-environment permissions) global_perms = false
Here is the result of a search (via a page view after Apache has authenticated by user)
/var/log/slapd.log
Apr 4 22:00:09 foi slapd[11162]: conn=353 fd=23 ACCEPT from IP=127.0.0.1:34946 (IP=0.0.0.0:389) Apr 4 22:00:09 foi slapd[11164]: conn=353 op=0 BIND dn="uid=trac.binduser,ou=bind-accounts,o=whyaskwhy" method=128 Apr 4 22:00:09 foi slapd[11164]: conn=353 op=0 BIND dn="uid=trac.binduser,ou=bind-accounts,o=whyaskwhy" mech=SIMPLE ssf=0 Apr 4 22:00:09 foi slapd[11164]: conn=353 op=0 RESULT tag=97 err=0 text= Apr 4 22:00:09 foi slapd[11165]: conn=353 op=1 CMP dn="cn=trac,ou=groups,o=whyaskwhy" attr="memberUid" Apr 4 22:00:09 foi slapd[11165]: conn=353 op=1 RESULT tag=111 err=32 text= Apr 4 22:00:09 foi slapd[11164]: conn=353 op=2 UNBIND Apr 4 22:00:09 foi slapd[11164]: conn=353 fd=23 closed
Apr 4 22:00:09 foi slapd[11162]: conn=354 fd=23 ACCEPT from IP=127.0.0.1:34947 (IP=0.0.0.0:389) Apr 4 22:00:09 foi slapd[11165]: conn=354 op=0 BIND dn="uid=trac.binduser,ou=bind-accounts,o=whyaskwhy" method=128 Apr 4 22:00:09 foi slapd[11165]: conn=354 op=0 BIND dn="uid=trac.binduser,ou=bind-accounts,o=whyaskwhy" mech=SIMPLE ssf=0 Apr 4 22:00:09 foi slapd[11165]: conn=354 op=0 RESULT tag=97 err=0 text= Apr 4 22:00:09 foi slapd[11164]: conn=354 op=1 CMP dn="cn=testing,ou=groups,o=whyaskwhy" attr="memberUid" Apr 4 22:00:09 foi slapd[11164]: conn=354 op=1 RESULT tag=111 err=6 text= Apr 4 22:00:10 foi slapd[11162]: conn=355 fd=24 ACCEPT from IP=127.0.0.1:34948 (IP=0.0.0.0:389) Apr 4 22:00:10 foi slapd[11165]: bind: invalid dn (trac.binduser,ou=bind-accounts,o=whyaskwhy,o=whyaskwhy) Apr 4 22:00:10 foi slapd[11165]: conn=355 op=0 RESULT tag=97 err=34 text=invalid DN Apr 4 22:00:10 foi slapd[11164]: conn=355 op=1 UNBIND Apr 4 22:00:10 foi slapd[11164]: conn=355 fd=24 closed
I'll be glad to furnish other information upon request.
Thank you for your time.
Attachments (0)
Change History (1)
comment:1 Changed 19 years ago by
Resolution: | → fixed |
---|---|
Status: | new → closed |
Trac Release: | 0.9 → 0.10 |
Note: See
TracTickets for help on using
tickets.
Should be fixed in [905]