Which plugin interfaces do we want to activate?

by Maurits van Rees — last modified Dec 30, 2008 05:55 PM

With PlonePAS and LDAPMultiPlugins you can and should specify which functions (called plugin interfaces) you want your LDAP to perform. Do you just want authentication or do you also want to add users to LDAP from within Plone? Things like that. Below is a description of the various Plugin interfaces that are defined in PluggableAuthService or PlonePAS.

Patch for LDAPMultiPlugins
^^^^^^^^^^^^^^^^^^^^^^^^^^

Some plugin interfaces are marked below as: "needs patch". That means
it only works with LDAPMultiPlugins patched with this patch_.

.. _patch: http://antiloop.plone.org/LDAPMultiPlugins-plone.org.patch

Many thanks go to Wichert Akkerman for creating this patch. Note that
this patch currently stands no chance of being included into the
LDAPMultiPlugins source code itself, as it depends on PlonePAS and so
it depends on Plone. Jens Vagelpohl (who is co author of
LDAPMultiPlugins together with Chris McDonough) wants it to be usable
in a pure Zope site. Many thanks go to Jens and Chris too, of course!

Patch instructions
^^^^^^^^^^^^^^^^^^

This patch only works with the latest subversion checkout of
LDAPMultiPlugins. At the moment of writing, that is revision 1378.
If meanwhile LDAPMultiPlugins has a later revision number and the
patch fails, you can try it with revision 1378 and it should still
work. Please contact the plone-users mailing list or the authors of
this ldapconfig product or Wichert Akkerman, to inform them of the
problem. Go to the shell and do::

# Get LDAPMultiPlugins 1.4:
svn co http://svn.dataflake.org/svn/LDAPMultiPlugins/trunk LDAPMultiPlugins
# Get the patch:
wget http://antiloop.plone.org/LDAPMultiPlugins-plone.org.patch
# Change to the subversion checkout dir
cd LDAPMultiPlugins
# Apply the patch:
patch -p0 < ../LDAPMultiPlugins-plone.org.patch

This should give the following outcome::

patching file LDAPPluginBase.py
patching file LDAPMultiPlugin.py
patching file property.py

Plugin Interface descriptions
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Now we give a short description of the available plugins and say if it
needs a patch or needs LDAPMultiPlugins version 1.3 (or higher). If
nothing is said, it works with version 1.2 (and should also work with
1.3). If you have a completely patched LDAPMultiPlugins by the
instructions above, all plugins will be available to you.

From Products.PluggableAuthService.interfaces.plugins
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- IAuthenticationPlugin: Map credentials to a user ID.

- ICredentialsResetPlugin: Callback: user has logged out.

- IGroupEnumerationPlugin: Allow querying groups by ID, and searching
for groups.

- IGroupsPlugin: Determine the groups to which a user belongs.

- IPropertiesPlugin: Return a property set for a user.

- IRoleEnumerationPlugin: Allow querying roles by ID, and searching
for roles.

- IUserEnumerationPlugin: Allow querying users by ID, and searching
for users; also needed for listing users in a group.

- IRolesPlugin: Determine the (global) roles which a user has.

- ICredentialsUpdatePlugin: Callback: user has changed her password.
Needs LDAPMultiPlugins 1.3

- IUserAdderPlugin: Create a new user record in a User Manager.
Needs patch.

From Products.PlonePAS.interfaces.group
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- IGroupManagement: add, update, remove, set roles for group.
Needs patch.

- IGroupIntrospection: get group ids etc, get members of group.

From Products.PlonePAS.interfaces.plugins
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- IUserManagement: Manage users (change password or delete user)
Needs patch.