| 81 | |
| 82 | Or the LDAP interface to a Microsoft Active Directory: |
| 83 | |
| 84 | {{{ |
| 85 | <Location /trac/> |
| 86 | SetHandler mod_python |
| 87 | PythonHandler trac.web.modpython_frontend |
| 88 | PythonOption TracEnv /home/trac/ |
| 89 | PythonOption TracUriRoot /trac/ |
| 90 | Order deny,allow |
| 91 | Deny from all |
| 92 | Allow from 192.168.11.0/24 |
| 93 | AuthType Basic |
| 94 | AuthName "Trac" |
| 95 | AuthBasicProvider "ldap" |
| 96 | AuthLDAPURL "ldap://adserver.company.com:3268/DC=ad,DC=company,DC=com?sAMAccountName?sub?(objectClass=user)" |
| 97 | authzldapauthoritative Off |
| 98 | require valid-user |
| 99 | </Location> |
| 100 | }}} |
| 101 | |
| 102 | PS: This is the case where the LDAP search gets around the multiple OUs by connecting to the Global Catalog Server portion of AD. The GCS is basically a "flattened" tree which allows searching for a user without knowing to which OU they belong. Notice the port is 3268, not the normal LDAP 389. |
| 103 | |
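How the `AuthLDAPURL` value above breaks down into the fields mod_authnz_ldap reads, as an added example that is not part of the original page. The function name `parse_auth_ldap_url` and the `AD_PORTS` table are hypothetical helpers; the fallback values are the defaults documented for mod_authnz_ldap.

```python
from urllib.parse import urlsplit, unquote

# Ports Active Directory listens on: 389/636 serve one domain,
# 3268/3269 serve the Global Catalog described in the note above.
AD_PORTS = {389: "domain LDAP", 636: "domain LDAP over TLS",
            3268: "Global Catalog", 3269: "Global Catalog over TLS"}
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}


def parse_auth_ldap_url(url):
    """Split an AuthLDAPURL value (without its surrounding quotes) into fields."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORT:
        raise ValueError("not an ldap:// or ldaps:// URL: %r" % url)
    # After the base DN the URL is '?'-separated: attribute?scope?filter
    fields = (parts.query.split("?") + ["", "", ""])[:3]
    attribute, scope, ldap_filter = (unquote(f) for f in fields)
    port = parts.port or DEFAULT_PORT[parts.scheme]
    return {
        "scheme": parts.scheme,
        "host": parts.hostname,
        "port": port,
        "service": AD_PORTS.get(port, "non-standard port"),
        "base_dn": unquote(parts.path.lstrip("/")),
        "attribute": attribute or "uid",            # default when omitted
        "scope": scope or "sub",                    # default when omitted
        "filter": ldap_filter or "(objectClass=*)",  # default when omitted
    }


if __name__ == "__main__":
    # The URL from the <Location> block above.
    page_url = ("ldap://adserver.company.com:3268/DC=ad,DC=company,DC=com"
                "?sAMAccountName?sub?(objectClass=user)")
    for key, value in parse_auth_ldap_url(page_url).items():
        print("%-10s %s" % (key, value))
```

Running it on the page's URL shows the search is rooted at `DC=ad,DC=company,DC=com`, matches users on `sAMAccountName` across the whole subtree, and is served by the Global Catalog port rather than per-domain LDAP.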