PloneLDAP

Warning
This product has not had a release in over 1 year and may no longer be maintained.
by Wichert Akkerman last modified Nov 14, 2011 09:28 PM

The PloneLDAP product is intended to make it easier to use LDAP connections in a Plone website. It contains PAS plugins which allow the use of LDAP and Active Directory servers in a Plone site.

Project Description

NOTE: Project superseded

If you use a modern version of Plone, we recommend http://pypi.python.org/pypi/plone.app.ldap for using LDAP with Plone.

Introduction

The PloneLDAP product is intended to make it easier to use LDAP connections in a Plone website. It builds upon the excellent LDAPMultiPlugins and LDAPUserFolder products, which provide the basic LDAP infrastructure.

The extra functionality provided by this product requires features that are not part of the standard Pluggable Authentication Service, which is why they are not included in LDAPMultiPlugins.

PloneLDAP integrates LDAP fully into your Plone site:

  • users in an LDAP database can be used as normal users in Plone. You can search for them, assign roles to them, create them and remove them.
  • groups in an LDAP database can be used as normal groups in Plone. You can view them, manage group members, create new groups and remove them. LDAP groups can only have LDAP users as members. LDAP users can be group members of non-LDAP groups.
  • member properties for LDAP users need not be stored completely in the LDAP database: you can mix LDAP and ZODB-stored properties.

Please note that if you are using Active Directory all access is read-only.

Requirements

  • Plone 2.5 or later
  • python-ldap
  • LDAPUserFolder 2.8
  • LDAPMultiPlugins 1.5

PloneLDAP has been developed for Plone 3.0. While it does support Plone 2.5 it is highly recommended to use Plone 3.0.

Installation

First you need to install the python-ldap package and the LDAPUserFolder, LDAPMultiPlugins and PloneLDAP products.

PloneLDAP provides PAS plugins that you can use to get your site talking to LDAP or Active Directory. To install them, go to the acl_users folder in your site. Select the right plugin from the dropdown menu in the top right: use 'Plone LDAP Plugin' if you want to connect to a standard LDAP server or 'Plone Active Directory Plugin' if you want to connect to a Microsoft Active Directory server.

After selecting the plugin type you will see a screen where you need to submit the configuration information. Consult your LDAP or AD administrator if you are not sure what the correct information is.

After creating the plugin it has to be activated. To do this go to the plugin in the ZMI and go to the 'navigate' tab, select all plugin types and click on the 'Update' button.

As a final change you will need to change the plugin order. Reordering can be done by clicking on the name of a plugin type, selecting a plugin in the 'Active Plugins' list and using the up and down arrows to change the ordering. The required ordering changes are:

  • Properties: LDAP has to be the top plugin
  • Group_Management: LDAP should be the top plugin if you want to create groups in the LDAP database
  • User_Adder: LDAP has to be the top plugin if you want new users to be created in LDAP
  • User_Management: LDAP has to be the top plugin

LDAP caveats

LDAPUserFolder

Inside the PloneLDAP PAS plugin you will see another acl_users user folder. This is an LDAPUserFolder instance, which is used to manage the low-level communication with the LDAP server. By updating its properties you can reconfigure your LDAP connection.

The LDAPUserFolder instance is only used to communicate with the LDAP server. Its user and group management facilities are not used. You can use it to quickly test if your LDAP connection is correctly configured.

If you make any changes in users or groups through the LDAPUserFolder ZMI interfaces these will be applied to the LDAP server but the caches used by the PloneLDAP plugin will not be invalidated correctly. This may lead to unexpected results and it is strongly recommended to only use the Plone interface to update users and groups.

Credits

Funding: CentrePoint
Implementation: Simplon, Wichert Akkerman

Current Release
PloneLDAP 1.0

Released Nov 12, 2007 — tested with Plone 2.5, Plone 3

First public release

Downloads (PloneLDAP for all platforms):

  • 1.0rc3 Product Package
  • 1.0rc3 Bundle download with all required products (LDAPUserFolder, LDAPMultiPlugins and PloneLDAP)
  • 1.0 Final Product Package
  • 1.0 final Bundle download with all required products (LDAPUserFolder, LDAPMultiPlugins and PloneLDAP)

If you are using Plone 3.2 or higher, you probably want to install this product with buildout. See our tutorial on installing add-on products with buildout for more information.

All Releases

Version | Released | Description | Compatibility | Status
1.0 | Nov 12, 2007 | First public release | Plone 2.5, Plone 3 | final

Comments (6)

Volker Wend Dec 02, 2010 07:44 AM
Please do not install this product.
T. Kim Nguyen Jan 03, 2011 07:49 PM
Why not?
swordsman Jan 05, 2011 01:07 PM
Why not??
Michael Cyr Jan 22, 2011 11:40 PM
Maybe because with Plone 4.0.2 buildout of plone.app.ldap fails? Found the following which kinda works (ldapuserfolder still throws errors during buildout and when activating plone ldap, you better not activate ldapuserfolder, or bye-bye plone site.)

1. Install python-ldap 2.6 (C:\Python26)
2. Install Plone 4.0 with the installer (D:\Plone)
3. Edit buildout.cfg with plone.app.ldap in the EGG and ZCML section
4. Create a new folder called python_ldap-2.3.12-py2.6.egg in D:\Plone\buildout-cache\eggs\
5. Copy C:\Python26\lib\site-packages\python_ldap-2.3.12-py2.6.egg-info to D:\Plone\buildout-cache\eggs\python_ldap-2.3.12-py2.6.egg\ and rename to EGG-INFO
6. Also copy the ldap folder in C:\Python26\lib\site-packages\ to D:\Plone\buildout-cache\eggs\python_ldap-2.3.12-py2.6.egg\
7. Also copy the file ldapurl.py to C:\Python26\lib\site-packages\ to D:\Plone\buildout-cache\eggs\python_ldap-2.3.12-py2.6.egg\
8. Next copy:
folder: C:\Python26\lib\site-packages\python_ldap-2.3.12-py2.6.egg-info
folder: C:\Python26\lib\site-packages\ldap
to D:\Plone\python\Lib\site-packages
9. Start commandbox and run bin\buildout
10. Start Plone, log in as admin and go to the extra products section. Here you will find the LDAP product. Install it and enter your LDAP details.

In my situation, for LDAP-SSL, I also need to edit ldapdelegate.py to add the ignore self-signed certificate stuff.

Also, in "Add-ons" after activating "LDAP Support 1.2.4" the following is displayed, but LDAP does work

LDAP support 1.2.4

    * Manage LDAP and Active Directory support for Plone.
    * This add-on has been upgraded. Old profile version was unknown. New profile version is 1.2.4. There is no upgrade procedure defined for this add-on. Please consult the add-on documentation for upgrade information, or contact the add-on author.
Felipe Roquette May 18, 2011 12:15 PM
Michael, your comment is VERY valuable and useful. I think we should add it somewhere else (manual or kb).
I did that on a fresh plone 4.0.5.

Thank you!
Michael Wunderlich Sep 18, 2011 11:39 AM
Finally happy with 4.0.7 debug buildout / can recommend Michael Cyr's comment in products/ploneldap/ but it needs more emphasis and links for newbies especially using separate install and use of Python 2.6.6
- non-Python newbies wouldn't initially consider creating a separate installation of Python26, vcvarsall.bat proved a red-herring to me as well as the attempt to load the wrong Python version (2.4)... hope this helps
Michael Wunderlich - 18 September 2011