Context Navigation

Modify ↓

#3667 closed enhancement (duplicate)

LDAP User information mapping

Reported by:	anonymous	Owned by:	Jonas Borgström
Priority:	normal	Milestone:
Component:	general	Version:	0.9.6
Severity:	normal	Keywords:
Cc:		Branch:
Release Notes:
API Changes:
Internal Changes:

Description

My situation: My network uses Kerberos for authentication and LDAP for user information. This is a standard Windows Active Directory configuration. Apache is configured for Kerberos, and returns a canonical principal name as the user name for any applications. This usually takes the form of username@….

This works "basically" with Trac. Trac creates a new user as username@… on login. It breaks down because in this environment username can be renamed, and is, often. People get married. This is standard operating procedure on Windows AD (and other Kerberos+LDAP networks I am aware of).

So, Trac sees this as two users. No information is remembered between them. Because of the number of users, I cannot manage this manually.

My suggestion is basically this. The ability, built in or not, for Trac to take the user name token passed by Apache, look it up in LDAP, to return both DisplayName and UserID. Trac would store information keyed on UserID, and display DisplayName to the user. These would be looked up on each user login.

Additionally, I would like lists that allow the user to select a User, to be prepopulated from a LDAP query. These queries should be configurable.

Thank you!

Attachments (0)

Change History (3)

comment:1 by wasabi@…, 18 years ago

My email is wasabi@…

comment:2 by anonymous, 18 years ago

This probably should be filed on trac-hacks as an enhancement for th:LdapPlugin.

comment:3 by Christian Boos, 18 years ago

Resolution:	→ duplicate
Status:	new → closed

See #3737, which discusses the same problem in the general case.

Modify Ticket

Change Properties

Summary:
Description:	My situation: My network uses Kerberos for authentication and LDAP for user information. This is a standard Windows Active Directory configuration. Apache is configured for Kerberos, and returns a canonical principal name as the user name for any applications. This usually takes the form of username@REALM.ORG. This works "basically" with Trac. Trac creates a new user as username@REALM.ORG on login. It breaks down because in this environment username can be renamed, and is, often. People get married. This is standard operating procedure on Windows AD (and other Kerberos+LDAP networks I am aware of). So, Trac sees this as two users. No information is remembered between them. Because of the number of users, I cannot manage this manually. My suggestion is basically this. The ability, built in or not, for Trac to take the user name token passed by Apache, look it up in LDAP, to return both DisplayName and UserID. Trac would store information keyed on UserID, and display DisplayName to the user. These would be looked up on each user login. Additionally, I would like lists that allow the user to select a User, to be prepopulated from a LDAP query. These queries should be configurable. Thank you! You may use WikiFormatting here.
Type:		Priority:
Milestone:		Component:
Version:		Severity:
Keywords:		Cc:	Set your email in Preferences
Branch:
Release Notes:
API Changes:
Internal Changes:

Action

leave as closed The owner will remain Jonas Borgström.

reopen The resolution will be deleted. Next status will be 'reopened'.

change ownership to The owner will be changed from Jonas Borgström to the specified user.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences .

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: