Getting email address from LDAP/AD

106 views
Skip to first unread message

Morris

unread,
Aug 7, 2007, 2:50:22 PM8/7/07
to Trac Users
Situation: I am logging users into Trac with SSPI authentication in
Apache. Once users are logged in, I don't want them to have to enter
their email address on the "Preferences" page so that notification
emails will work -- we have an AD server setup, so when Trac is going
through it's email notification logic, I want it to:
- see if the owner/subscribers have entered an email address, per the
existing "preferences" mechanism; if they have, use that
- if they haven't entered an email address this way, then I'd like it
to go query the AD server for a user matching their username -- if one
matches, use that email instead

I've got a Python script that works like a champ, built on Tim
Golden's awesome active_directory package (http://
tgolden.sc.sabren.com/python/active_directory.html) -- when run
standalone, it works flawlessly, exactly as I want it to. However,
and this is the rub, when I hack the same simple code into the
appropriate place in the Trac codebase (e.g., /trac/notification.py:
286 or so), it fails to match the username up with a user.

The only thing I can think of is that when I run the script
standalone, I run it as my logged-in user account -- when Trac runs
the same code, it is running it via it's parent process' (Apache)
creds (as "System" in this case).

Any thoughts? Tips? And if you have an entirely different but better
way to accomplish what I'm trying to accomplish, please smack me and
say so :D

Thanks in advance...

P.S. -- yes, I've seen the thread "Drop down list for LDAP users and
email" (http://groups.google.com/group/trac-users/browse_thread/thread/
a80be94fd53c9bbe/eab6797d74becd62?lnk=gst&q=ldap
+email&rnum=1#eab6797d74becd62)

Emmanuel Blot

unread,
Aug 7, 2007, 3:35:48 PM8/7/07
to trac-...@googlegroups.com
There is a long lasting ticket to implement a IUserDirectory
interface, but it has been forgotten. Look for IUserDirectory on
trac.edgewall.org (#2456)


--
Manu

Morris

unread,
Aug 7, 2007, 3:44:19 PM8/7/07
to Trac Users
Yeah, I discovered this too -- and while it sounds like the answer to
my problem, it hasn't been implemented yet :/ Is there no way to hack
in what I'm trying to do now?

On Aug 7, 3:35 pm, "Emmanuel Blot" <manu.b...@gmail.com> wrote:
> There is a long lasting ticket to implement a IUserDirectory
> interface, but it has been forgotten. Look for IUserDirectory on
> trac.edgewall.org (#2456)
>

Morris

unread,
Aug 8, 2007, 9:42:46 AM8/8/07
to Trac Users
FYI: my problem had nothing to do with Apache or Trac -- it was all
Active Directory permissions. My company has our AD server locked
down so that any action, even a read-only search, requires
authentication. Making the Apache service run as an authenticated
user solved the "problem".

> > Manu- Hide quoted text -
>
> - Show quoted text -

Reply all
Reply to author
Forward
0 new messages