Attention

This document was written for an unsupported version of Plone, Plone 2.5.x, and was last updated 1262 days ago.


Authentication of Plone 2.5 (Zope 2.9) against a Windows 2003 Active Directory

by Karthik Ramesh last modified Dec 06, 2009 09:27 PM
Describes how to set up Plone 2.5 running on Zope 2.9 (using Python 2.4) to authenticate against Active Directory on Windows 2003.

This article is a step-by-step guide to setting up Plone 2.5 running on Windows to authenticate against a Windows 2003 Active Directory.

Plone 2.5 running on Zope 2.9 using Python 2.4 can be set up to authenticate against Windows 2003 Active Directory. To do this, download the following products and install them in the order given below:

  1. Install python-ldap 2.0.6 from http://python-ldap.sourceforge.net. (Ensure that the Plone version uses Python 2.4, otherwise the installer will not proceed. If you are unable to point the installer to the correct Python path, search the Windows registry and edit the Python path to point to Plone's Python folder.)
  2. Install LDAP User folder and LDAP Group user folder from www.plone.org/products (make sure to unzip the products into Zope's product folder at Zope/Lib/Python/Product).
  3. Ensure that you have Active Directory for Windows 2003 installed and running on your Windows 2003 before you begin.
  4. Log in to the Zope Management Interface from the Plone controller's View Zope Management Interface or from the web browser directly.
  5. Once logged in, click the Plone icon on the left menu and delete the acl_users directory from there.
  6. Ensure that the main acl_users directory on the Zope Management Interface is untouched.
  7. Once you have deleted the acl_users directory, add a Group User Folder by selecting it from the Products combo box.
  8. Click the Add button. Click on the newly added acl_users link under the Plone directory and select Sources.
  9. You will now see two links, namely User Folder and Group User Folder. Below these two table entries is a combo box.
    1. Click on the combo box, select LDAP User folder and press "Add".
    2. On the next screen, scroll down to the bottom and enter your LDAP server details for Windows 2003 (specifying the address and port numbers).
      1. Scroll back to the top of the screen and enter the LDAP server details.
  • If you are using Active Directory to validate your Windows domain authentication, add a new attribute named "sAMAccountName" on the LDAP Schema tab.
  • Return to the Configure screen by clicking on the Configure tab.
  • Choose sAMAccountName as the value of Login Name Attribute, User ID Attribute and RDN Attribute, if sAMAccountName was added in the previous step.
  • Enter the relevant DN values.
  • Enter the user role as "Authenticated".
  • Click on Apply Changes.
  • Repeat step 9 for LDAP Group User Folder.
  • Return to the main ZMI screen and add a cookie crumbler with the name "credentials_cookie_auth".
  • Click on the portal_member_data link under Plone and choose the Properties tab.
  • Enter a new property called must_change_password with the values Name - must_change_password, Type - boolean, Value - False.

  • With these steps, the LDAP configuration for Plone 2.5 against Windows 2003 is complete
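
The server address, bind DN and base DN entered in the LDAP User Folder form can be checked from a workstation before or after the steps above. The script below is an added example, not part of the original article: it assumes a current python-ldap on Python 3 run outside Zope, and the host name, DNs and login name are placeholders.

```python
# Added example, not from the original article. Requires python-ldap on Python 3.
# Host, DNs and login below are placeholders (assumptions), not values from the page.

def escape_filter_value(value):
    """Escape a login name for use inside an LDAP search filter (RFC 4515)."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)


def user_filter(login):
    """Filter for one user by sAMAccountName, the Login Name Attribute chosen above."""
    return "(sAMAccountName=%s)" % escape_filter_value(login)


def check_settings(uri, bind_dn, bind_pw, users_base, login):
    """Bind with the configured DN, then look `login` up under the users base DN.

    Returns (dn, attrs) when exactly one entry matches, otherwise None.
    """
    import ldap  # imported here so the filter helpers work without python-ldap

    conn = ldap.initialize(uri)
    conn.protocol_version = ldap.VERSION3
    conn.set_option(ldap.OPT_REFERRALS, 0)  # do not chase AD referrals
    try:
        conn.simple_bind_s(bind_dn, bind_pw)  # raises ldap.INVALID_CREDENTIALS on failure
        hits = conn.search_s(users_base, ldap.SCOPE_SUBTREE,
                             user_filter(login), ["sAMAccountName", "cn"])
    finally:
        conn.unbind_s()
    hits = [(dn, attrs) for dn, attrs in hits if dn is not None]  # drop referral results
    return hits[0] if len(hits) == 1 else None


if __name__ == "__main__":
    import getpass
    # ldap:// on port 389 carries the simple-bind password in clear text;
    # use ldaps:// (port 636) where the domain controller has a certificate.
    entry = check_settings("ldap://dc1.example.com:389",
                           "CN=plone-bind,CN=Users,DC=example,DC=com",
                           getpass.getpass("Bind DN password: "),
                           "CN=Users,DC=example,DC=com", "jdoe")
    print(entry or "no unique match: recheck the base DN and the sAMAccountName attribute")
```

A result of `None` after a successful bind usually points at the users base DN or at the login attribute rather than at the credentials.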

