But to the point. When we decide to install Trac as Apache/httpd application it comes with some basic authentication based on unix password. The following is typical configuration:
<virtualHost *:80> ServerName trac.example.com <location /> SetHandler mod_python PythonHandler trac.web.modpython_frontend PythonOption TracEnv /var/www/trac PythonOption TracUriRoot / </location> <location "/login"> AuthType Basic AuthName "trac" AuthUserFile /var/www/trac/auth-file Require valid-user </location> </virtualHost>
For switching to LDAP authentication use following:
<virtualhost *:80 > ServerName trac.example.com <location /> SetHandler mod_python PythonHandler trac.web.modpython_frontend PythonOption TracEnv /var/www/trac PythonOption TracUriRoot / </location> <location "/login" > AuthType Basic AuthBasicProvider ldap AuthzLDAPAuthoritative off AuthLDAPBindDN "DOMAIN\\BINDUSER" AuthLDAPBindPassword PASSWORD AuthLDAPUrl LDAPUTL AuthName "Authorization required" Require valid-user </location> </VirtualHost>
BindDN - the Distinguished Name binddn to bind to the LDAP directory
DOMAIN - name of the domain
BINDUSER - special bind user for accessing non-public data
PASSWORD - password for BINDUSER
LDAPURL - ldap://HOST:389/SEARCHBASE?sAMAccountName?sub
SEARCHBASE - the starting point for the search
The following command can be used to test your LDAP connection:
ldapsearch -h HOST -b "SEARCHBASE" -D "DOMAIN\\BINDUSER" -s sub -x -w PASSWORD "(givenName=K*)"