Authentication of Plone 2.5 (Zope 2.9) against a Windows 2003 Active Directory
This article is a step-by-step process for setting up Plone 2.5 running on Windows to authenticate against a Windows 2003 Active Directory.
Plone 2.5 running on Zope 2.9 using Python 2.4 can be set up to authenticate against Windows 2003 Active Directory. To do this, download the following products and install them in the order listed below:
- Install python-ldap 2.0.6 from http://python-ldap.sourceforge.net (ensure that the Plone version uses Python 2.4, else the installer will not proceed. If you are unable to point the installer to the correct Python path, search the Windows registry and edit the Python Path to point to Plone's Python folder)
- LDAP User folder and LDAP Group user folder from www.plone.org/products (make sure to unzip the products into Zope's product folder at Zope/Lib/Python/Product)
- Ensure that you have Active Directory for Windows 2003 installed and running on your Windows 2003 before you begin.
- Login to the Zope Management Interface from the Plone controller's View Zope Management Interface or from the web browser directly.
- Once logged in, click the Plone icon on the left menu and delete the acl_users directory from there.
- Ensure that the main acl_users directory on the Zope Management Interface is untouched.
- Once you have deleted the acl_users directory, add a Group User Folder by selecting it from the Products combo box.
- Click the Add button. Click on the newly added acl_users link under the Plone directory and select sources.
- You will now see two links, namely User Folder and Group User Folder. Below these two table entries is a combo box.
- Click on the combo box and select LDAP User folder and press "Add"
- On the next screen, scroll down to the bottom and enter your LDAP server details for Windows 2003 (specifying the address and port numbers)
- Scroll back to the top of the screen and enter the LDAP server details.
- If you are using Active Directory to validate your Windows domain authentication, click on the LDAP Schema tab and add a new attribute named "sAMAccountName"
- Return to the Configure screen by clicking on the Configure tab
- Choose sAMAccountName as the value of Login Name Attribute, User ID Attribute and RDN Attribute if sAMAccountName was added in the previous steps
- Enter the relevant DN values
- Enter user role as "Authenticated"
- Click on apply changes
With these steps, the LDAP configuration for Plone 2.5 against Windows 2003 is complete.
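The sAMAccountName lookup configured in the steps above can be checked outside Zope before relying on it. The following is an added example, not part of the original article or of the LDAP User Folder product; it is written for a current Python with python-ldap, and the URI, bind DN, password and base DN passed to `lookup()` are values you supply.

```python
# Added example: pre-flight check of a sAMAccountName lookup against AD.
# All connection details are arguments; nothing here comes from the article.

# RFC 4515 characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a login name so it cannot alter the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def login_filter(login, attr="sAMAccountName"):
    """Build the search filter for one login name on the chosen attribute."""
    return "(%s=%s)" % (attr, escape_filter_value(login))


def pick_unique(results):
    """Return the single matching DN, or raise if there is not exactly one.

    Active Directory can return referral entries whose DN is None; these
    are skipped. The attribute used as User ID must resolve to one entry.
    """
    dns = [dn for dn, _attrs in results if dn is not None]
    if len(dns) != 1:
        raise LookupError("expected exactly 1 entry, got %d" % len(dns))
    return dns[0]


def lookup(uri, bind_dn, password, base_dn, login):
    """Run the lookup against a live directory (requires python-ldap)."""
    import ldap  # imported here so the helpers above work without it

    conn = ldap.initialize(uri)
    conn.set_option(ldap.OPT_REFERRALS, 0)  # do not chase AD referrals
    conn.simple_bind_s(bind_dn, password)
    try:
        results = conn.search_s(base_dn, ldap.SCOPE_SUBTREE,
                                login_filter(login), ["sAMAccountName"])
        return pick_unique(results)
    finally:
        conn.unbind_s()
```

If `lookup()` raises `LookupError` for a known account, the base DN or the attribute chosen on the Configure screen does not match the directory.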