Important usage hints
=====================

If you are configuring LDAP for Plone, you will want to know this.

1. Which plugin interfaces do we want to activate?
--------------------------------------------------

With PlonePAS and LDAPMultiPlugins you can and should specify which functions (called plugin interfaces) you want your LDAP to perform. Do you want authentication only, or do you also want to add users to LDAP from within Plone? Below is a description of the various plugin interfaces that are defined in PluggableAuthService or PlonePAS.

Patch for LDAPMultiPlugins
^^^^^^^^^^^^^^^^^^^^^^^^^^
Some plugin interfaces are marked below as "needs patch". That means
the interface only works with LDAPMultiPlugins patched with this patch_.

.. _patch: http://antiloop.plone.org/LDAPMultiPlugins-plone.org.patch

Many thanks go to Wichert Akkerman for creating this patch. Note that
this patch currently stands no chance of being included in the
LDAPMultiPlugins source code itself, as it depends on PlonePAS and so
it depends on Plone. Jens Vagelpohl (who is co-author of
LDAPMultiPlugins together with Chris McDonough) wants it to be usable
in a pure Zope site. Many thanks go to Jens and Chris too, of course!

Patch instructions
^^^^^^^^^^^^^^^^^^
This patch only works with the latest subversion checkout of
LDAPMultiPlugins. At the time of writing, that is revision 1378.
If LDAPMultiPlugins has since moved to a later revision and the
patch fails, you can try it with revision 1378 and it should still
work. Please contact the plone-users mailing list, the authors of
this ldapconfig product, or Wichert Akkerman to inform them of the
problem. Go to the shell and do::

    # Get LDAPMultiPlugins 1.4:
    svn co http://svn.dataflake.org/svn/LDAPMultiPlugins/trunk LDAPMultiPlugins
    # Get the patch:
    wget http://antiloop.plone.org/LDAPMultiPlugins-plone.org.patch
    # Change to the subversion checkout dir
    cd LDAPMultiPlugins
    # Apply the patch:
    patch -p0 < ../LDAPMultiPlugins-plone.org.patch

This should give the following outcome::

    patching file LDAPPluginBase.py
    patching file LDAPMultiPlugin.py
    patching file property.py

Plugin Interface descriptions
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Below is a short description of each available plugin interface,
noting whether it needs the patch or needs LDAPMultiPlugins version
1.3 (or higher). If nothing is said, it works with version 1.2 (and
should also work with 1.3). If you have patched LDAPMultiPlugins
completely by following the instructions above, all plugin interfaces
will be available to you.

From Products.PluggableAuthService.interfaces.plugins
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- IAuthenticationPlugin: Map credentials to a user ID.
- ICredentialsResetPlugin: Callback: user has logged out.
- IGroupEnumerationPlugin: Allow querying groups by ID, and searching
  for groups.
- IGroupsPlugin: Determine the groups to which a user belongs.
- IPropertiesPlugin: Return a property set for a user.
- IRoleEnumerationPlugin: Allow querying roles by ID, and searching
  for roles.
- IUserEnumerationPlugin: Allow querying users by ID, and searching
  for users; also needed for listing users in a group.
- IRolesPlugin: Determine the (global) roles which a user has.
- ICredentialsUpdatePlugin: Callback: user has changed her password.
  Needs LDAPMultiPlugins 1.3.
- IUserAdderPlugin: Create a new user record in a User Manager.
  Needs patch.

From Products.PlonePAS.interfaces.group
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
- IGroupManagement: add, update, remove, set roles for group.
  Needs patch.
- IGroupIntrospection: get group ids etc, get members of group.

From Products.PlonePAS.interfaces.plugins
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- IUserManagement: Manage users (change password or delete user).
  Needs patch.

2. Notes for developers of ldapconfig
-------------------------------------

Here are some pointers for developers wanting to contribute to this product.

ldapconfig on plone.org
^^^^^^^^^^^^^^^^^^^^^^^
ldapconfig has a `product page`_ on plone.org. Most of the text there
comes from the documentation here on the file system, which is
written in reStructuredText. So if you want to update some text
on the product page, please change it in the subversion code first and
then upload the changed text.

.. _`product page`: http://plone.org/products/ldapconfig

Online documentation
^^^^^^^^^^^^^^^^^^^^
* `Howto`_: Plone 2.5 and OpenLDAP Integration for Users and Groups
* `User experience`_: Getting Plone 2.5 / PlonePAS working with LDAP

.. _`Howto`: http://plone.org/documentation/how-to/plone-2-5-and-openldap-integration-for-users-and-groups
.. _`User experience`: http://www2.le.ac.uk/Members/nd51/blog-rdf-pkb-9jd/blogentry.2006-06-22.7848776335

What is being done in this product?
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
We want to get Plone and LDAP to communicate nicely together. The
following actions are needed:

* Add our LDAP server to PlonePAS with an LDAPMultiPlugin.
* Tell PlonePAS which interfaces we want to activate. In other words:
  do we want to use LDAP only for authentication or also for adding
  users, managing groups, and so on. Actually, at this point we
  activate them all; later we can switch some off.
* Move our LDAP plugin to the front of the list for a few interfaces
  where we want LDAP to be the first plugin that is consulted.

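
The activation, "switch some off" and move-to-front steps above, as an added example that is not part of ldapconfig. It uses only the PluginRegistry methods ``listPluginTypeInfo``, ``listPluginIds``, ``activatePlugin``, ``deactivatePlugin`` and ``movePluginsUp``; ``READ_ONLY``, ``restrict_plugin``, ``StubRegistry`` and the plugin id ``ldap`` are names assumed for illustration.

```python
# Added example, not ldapconfig code; duck-typed against PAS PluginRegistry methods.
# Read-only subset of the interfaces this page lists (an illustrative choice).
READ_ONLY = ("IAuthenticationPlugin", "IUserEnumerationPlugin",
             "IPropertiesPlugin", "IGroupsPlugin")

def restrict_plugin(registry, plugin_id, wanted=READ_ONLY, first_for=()):
    """Keep plugin_id active only for `wanted`; put it first for `first_for`."""
    kept = []
    for info in registry.listPluginTypeInfo():
        iface = info["interface"]
        name = iface.__name__
        ids = registry.listPluginIds(iface)
        if name not in wanted:
            if plugin_id in ids:
                registry.deactivatePlugin(iface, plugin_id)  # switch it off
            continue
        if plugin_id not in ids:
            registry.activatePlugin(iface, plugin_id)
        kept.append(name)
        if name in first_for:
            # movePluginsUp shifts a plugin by one position per call.
            while registry.listPluginIds(iface).index(plugin_id) > 0:
                registry.movePluginsUp(iface, [plugin_id])
    return sorted(kept)

class StubRegistry:
    """Constructed in-memory stand-in so the example runs without Zope."""
    def __init__(self, active):
        self.active = {type(n, (), {}): list(ids) for n, ids in active.items()}
    def listPluginTypeInfo(self):
        return [{"interface": iface} for iface in self.active]
    def listPluginIds(self, iface):
        return tuple(self.active[iface])
    def activatePlugin(self, iface, plugin_id):
        self.active[iface].append(plugin_id)
    def deactivatePlugin(self, iface, plugin_id):
        self.active[iface].remove(plugin_id)
    def movePluginsUp(self, iface, ids):
        order = self.active[iface]
        for plugin_id in ids:
            i = order.index(plugin_id)
            if i:
                order[i - 1], order[i] = order[i], order[i - 1]

def demo():
    # Constructed starting state: "ldap" is active for everything it was added to.
    reg = StubRegistry({"IAuthenticationPlugin": ["source_users"],
                        "IUserEnumerationPlugin": ["source_users", "ldap"],
                        "IUserAdderPlugin": ["ldap", "source_users"],
                        "IUserManagement": ["ldap"]})
    kept = restrict_plugin(reg, "ldap", first_for=("IAuthenticationPlugin",))
    return kept, {i.__name__: reg.listPluginIds(i) for i in reg.active}
```

Against a real site, pass ``acl_users.plugins`` as ``registry`` instead of the stub.
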
Ideas for the future
^^^^^^^^^^^^^^^^^^^^
It is a hassle to check out LDAPMultiPlugins and apply the patch. It
would be far easier if we could just add that patch to this ldapconfig
product and apply it on the fly. We can do that via monkey patching
or, better, via the patching technique used in, for instance, the
CacheSetup product. If that works, then we can simply instruct users
to download LDAPMultiPlugins and ldapconfig and install them, and they
are ready.

Maybe even better: create a PloneLDAPMultiPlugins product (or put that
somewhere in ldapconfig) that simply inherits from LDAPMultiPlugins
and takes care of all this.
