Could you do this with mod_authnz_external?
Trac registration comes with the account manager plugin, and you can also direct Apache and Trac to use the same htdigest file, like so (here, I am using Trac's htdigest to identify users to subversion). <Location /svn/> DAV svn SVNParentPath "/export/home/dc12360/Nobody/Svn" AuthzSVNAccessFile "/export/home/dc12360/Nobody/Conf/svn.access" Satisfy Any Require valid-user AuthType Digest AuthName "ProjectFortress" AuthDigestDomain /svn/ AuthDigestProvider file AuthUserFile "/export/home/dc12360/Nobody/Conf/users.htdigest" </Location> This isn't exactly what I want -- the separation of read/write permission still occurs in svn.access, which requires separate modification. I'd like to have some way to consult the Trac groups and permissions before granting write access (but I am very much Apache-config-impaired -- for example, I do not know if the order of the lines in the excerpt above matters, though I suppose it would be an easy experiment to find out). This also doesn't solve your problem, because you want to consult LDAP first. But my suspicion is that the answer might be here, rather than in Trac. On 2007-04-27, at 3:00 PM, Thomas Vander Stichele wrote: > I'm revamping our trac setups, and there is something we would like to > be able to do, but I'm not sure it's possible or what would need > changing to make it possible. > > Here's what we would like to do somehow: > 1) by default, login authenticates against LDAP. (We use LDAP/SSL and > non-anonymous binds) > 2) if ldap says no, I'd like to use the openid plugin and allow people > to authenticate themselves that way. > 3) if this says no, I'd like people to be able to create an account > and > log in with that; this account can then be used on all of our tracs at > once. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Trac Users" group. To post to this group, send email to trac-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/trac-users?hl=en -~----------~----~----~----~------~----~------~--~---