I'm sorry to ask an Apache question here but it is on topic for this thread and it's been something I've wondered for a long time. Currently I have a Linux Apache/SSL/SVN/Trac setup for about a 15-user group done as a SSO but through htpasswd files. Our "real" IT system is an NT active directory domain. I looked at how I might be able to authenticate against that and got quickly overwhelmed (I'm just a dev setting up a server, not an IT guy and certainly not an MS IT guy).
OK, getting to the point and my question. I heard that AD is "compatible" with LDAP (or an implementation thereof). Assuming that, if I can get LDAP to work is there a way to map LDAP (NT) names to Apache names, i.e. I don't want the users named "SillyITDomainName\CrazyUserName" -- in fact because there are shared accounts I can't even do this uniquely. In other words, there are 20,000 users or so, but I only want to allow about 15 of them, and I want to map them to some arbitrary signin name. The result is that all I take is the NT password (and possibly allow automatic NT auth through browser).

Jason

-----Original Message-----
From: trac-users@googlegroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Wilson, Bruce E.
Sent: Tuesday, November 13, 2007 10:52 AM
To: trac-users@googlegroups.com
Subject: [Trac] Re: Single Sign On Authentication

Not sure what you're really asking for here, but I use LDAP integration with Apache (built in with 2.2) and have SSO working for both Trac and SVN, using a couple of different LDAP authorities here. I have the pages set up so that there's a /<projectname> root, with /<projectname>/svn and /<projectname>/trac. I configure Apache to protect /<projectname> with LDAP authentication and a list of allowed users. It's Basic authentication in Apache, so I force everything to https, again using Apache authentication. So, yes, it does prompt for username and password, but it's the same username and password as used everywhere else. Good enough for my purposes....

============================================================
Bruce E. Wilson ([EMAIL PROTECTED])
Environmental Sciences Division
Oak Ridge National Laboratory
(office) +1-865-574-6651

-----Original Message-----
From: trac-users@googlegroups.com [mailto:[EMAIL PROTECTED] On Behalf Of rupert thurner
Sent: Sunday, November 11, 2007 12:02 AM
To: Trac Users
Subject: [Trac] Re: Single Sign On Authentication

maybe kerberos/gssapi would be a possibility?
see http://www.grolmsnet.de/kerbtut/ ...

On Nov 10, 1:20 pm, anhD <[EMAIL PROTECTED]> wrote:
> Hi All,
> At my work place, we are using SSO for our web applications. I
> am wondering if any is currently working on any plugin or anything
> that may integrate with this? Basically, apache will help do the
> authentication. If everything is successful, the user name is stored
> in a variable in the session. I want to modify TRAC to use that
> variable as the user login w/o having the need for the password and
> automatically log the user in.
>
> Thanks,
> Doug
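
The setup Bruce Wilson describes (one /<projectname> root protected by LDAP Basic authentication over HTTPS with a list of allowed users), written out for an Active Directory backend as in Jason's question. This is an added example, not part of the thread and not any poster's own configuration; the host name, DNs, certificate path, service account and user names are placeholders.

```apache
# Added illustration for Apache 2.2 with mod_ssl, mod_ldap and mod_authnz_ldap.
# Every host name, DN, path and account name below is a placeholder.

# Server-level: CA used to verify the domain controller's certificate
# when Apache connects to it over ldaps://
LDAPTrustedGlobalCert CA_BASE64 /etc/apache2/ad-ca.pem

<Location /projectname>
    # Basic authentication sends the password with every request,
    # so refuse any request that did not arrive over TLS
    SSLRequireSSL

    AuthType Basic
    AuthName "projectname"
    AuthBasicProvider ldap

    # Look users up by sAMAccountName so they type "jdoe" rather than
    # "DOMAIN\jdoe"; search the whole subtree below the base DN
    AuthLDAPURL "ldaps://dc.example.com:636/DC=example,DC=com?sAMAccountName?sub?(objectClass=user)"

    # Active Directory normally refuses anonymous searches, so the lookup
    # binds as a low-privilege service account. Keep this file readable
    # by root only, since it holds that account's password.
    AuthLDAPBindDN "CN=svc-apache,OU=Service Accounts,DC=example,DC=com"
    AuthLDAPBindPassword "REPLACE_ME"

    # Allow-list: a valid directory password alone is not enough.
    # Only these accounts reach /projectname/svn and /projectname/trac.
    Require ldap-user jdoe asmith
</Location>
```

The Subversion and Trac handlers configured under /projectname/svn and /projectname/trac inherit this protection and see the authenticated name as REMOTE_USER.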