LDAP User information mapping
|Reported by:||anonymous||Owned by:||Jonas Borgström|
My situation: My network uses Kerberos for authentication and LDAP for user information. This is a standard Windows Active Directory configuration. Apache is configured for Kerberos, and returns a canonical principal name as the user name for any applications. This usually takes the form of username@….
This works "basically" with Trac. Trac creates a new user as username@… on login. It breaks down because in this environment username can be renamed, and is, often. People get married. This is standard operating procedure on Windows AD (and other Kerberos+LDAP networks I am aware of).
So, Trac sees this as two users. No information is remembered between them. Because of the number of users, I cannot manage this manually.
My suggestion is basically this. The ability, built in or not, for Trac to take the user name token passed by Apache, look it up in LDAP, to return both DisplayName and UserID. Trac would store information keyed on UserID, and display DisplayName to the user. These would be looked up on each user login.
Additionally, I would like lists that allow the user to select a User, to be prepopulated from a LDAP query. These queries should be configurable.