LDAP/Active Directory support for Plone
Project description
Introduction
The PloneLDAP product is intended to make it easier to use LDAP connections in a Plone website. It builds upon the excellent LDAPMultiPlugins and “LDAPUserFolder products which provide the basic LDAP infrastructure.
The extra functionality provided by this product require features beyond that are not part of the standard Pluggable Authentication Service, which is why they are not included in LDAPMultiPlugins.
PloneLDAP integrates LDAP fully into your Plone site:
users in an LDAP database can be used as normal users in Plone. You can search for them, assign roles to them, create them and remove them.
groups in an LDAP database can be used as normal groups in Plone. You can view them, manage group members, create new groups and remove them. LDAP groups can only have LDAP users as members. LDAP users can be group members of non-LDAP groups.
member properties for LDAP users need not be stored completely in the LDAP database: you can mix LDAP and ZODB-stored properties.
Please note that if you are using Active Directory all access is read-only.
Requirements
Plone 2.5 or later
LDAPUserFolder 2.8
LDAPMultiPlugins 1.5
PloneLDAP has been developed for Plone 3.0. While it does support Plone 2.5 it is highly recommended to use Plone 3.0.
Installation
First you need to install the python-ldap package and the LDAPUserFolder, LDAPMultiPlugins and PloneLDAP products in the Products folder of your Zope instance.
Do not install LDAPUserFolder from the Plone site setup screen. This will break your Plone site.
PloneLDAP provides PAS plugins that you can use to get your site talking to LDAP or Active Directory. To install them go the acl_users folder in your site. Select the right plugin from the dropdown menu in the top right: use ‘Plone LDAP Plugin’ if you want to connect to a standard LDAP server or ‘Plone Active Directory Plugin’ if you want to connect to a Microsoft Active Directory server.
After selecting the plugin type you will see a screen where you need to submit the configuration information. Consult your LDAP or AD administrator if you are not sure what the correct information is.
After creating the plugin it has to be activated. To do this go to the plugin in the ZMI and go to the ‘navigate’ tab, select all plugin types and click on the ‘Update’ button.
As a final change you will need to reorder the plugin order. Reodering can be done by clicking on the name of a plugin type, selecting a plugin in the ‘Active Plugins’ list and using the up and down arrows to change the ordering. The required ordering changes are:
Properties: LDAP has to be the top plugin
Group_Management: LDAP should be the top plugin if you want to create groups in the LDAP database
User_Adder: has to be the top plugin if you want new users to be created in LDAP
User_Management: LDAP has to be the top plugin
LDAP caveats
LDAPUserFolder
Inside the PloneLDAP PAS plugin you will see another acl_users user folder. This is a ‘’LDAPUserFolder’’ instance, which is used to manage the low-level communication with the LDAP server. By updating its properties you can reconfigure your LDAP connection.
The LDAPUserFolder instance is only used to communicate with the LDAP server. Its user and group management facilities are not used. You can use it to quickly test if your LDAP connection is correctly configured.
If you make any changes in users or groups through the LDAPUserFolder ZMI interfaces these will be applied to the LDAP server but the caches used by the PloneLDAP plugin will not be invalidated correctly. This may lead to unexpected results and it is strongly recommended to only use the Plone interface to update users and groups.
Credits
- Funding
- Implementation
Simplon, Wichert Akkerman
Copyright
PloneLDAP is copyright 2007 by Simplon and licensed under the GNU General Public License, version 2.
Changes
1.0
Hide LDAPUserFolder from the list of Add-On Products since installing it will kill your Plone site. Plone 3.0 only.
Fix incorrect security declaration for doDeleteUser
1.0rc3
Fix getGroupMembers to return user ids instead of login names for group members. This broke group membership listing in environments where userid and login name differ (for example AD environments). Thanks to Netcentric for discovering this and helping me fix it.
Add some protection against invalid (None) results of group related searches.
Add more information about the capabilities and caveats of LDAP use in Plone.
1.0rc2
Improve the documentation.
Add missing cache invalidation for role management and user deletion.
Fix updating of single-valued member properties.
Use a different method to get the containing LDAPUserFolder. This allows use of PloneLDAP outside of a CMF site.
1.0rc1
Fix setting of object classes when creating a new plugin instance.
Fix member property sheets: RAM caching does not like it when you try to store non-pickleable data.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for Products.PloneLDAP-1.0-py2.4.egg
Algorithm | Hash digest | |
---|---|---|
SHA256 | 5d99d69b0b93e75a6f0858ef77464c543b534d4914913a9c8e5ce9de9477829e |
|
MD5 | 9cefea56fdd80ca5076f7ce2f0a9c584 |
|
BLAKE2b-256 | 354a2ae27237fec8c4df323a05dd5dfdf279d86b32da7ff795919d29f9f4296a |