Introduction
============
The PloneLDAP product is intended to make it easier to use LDAP connections in
a Plone website. It builds upon the excellent LDAPMultiPlugins_ and
LDAPUserFolder_ products which provide the basic LDAP infrastructure.
For Plone 3.3 or higher, we recommend using `plone.app.ldap`_ for
having a nicer user interface for using LDAP with Plone. This uses
``PloneLDAP``.
.. _`plone.app.ldap`: http://pypi.python.org/pypi/plone.app.ldap
The extra functionality provided by this product require features
beyond that are not part of the standard Pluggable Authentication Service,
which is why they are not included in LDAPMultiPlugins.
.. _LDAPMultiPlugins: http://www.dataflake.org/software/ldapmultiplugins
.. _LDAPUserFolder: http://www.dataflake.org/software/ldapuserfolder
PloneLDAP integrates LDAP fully into your Plone site:
* users in an LDAP database can be used as normal users in Plone. You
can search for them, assign roles to them, create them and remove them.
* groups in an LDAP database can be used as normal groups in Plone. You
can view them, manage group members, create new groups and remove them.
LDAP groups can only have LDAP users as members. LDAP users can be
group members of non-LDAP groups.
* member properties for LDAP users need not be stored completely in the
LDAP database: you can mix LDAP and ZODB-stored properties.
Active Directory
================
Please note that if you are using Active Directory (AD) all access is
read-only. For example, you cannot add AD users to AD groups.
Requirements
============
* Plone 3.0 or later
* python-ldap_
* LDAPUserFolder 2.8 or later
* LDAPMultiPlugins 1.5 or later
.. _python-ldap: http://python-ldap.sourceforge.net/
Products.PloneLDAP depends on LDAPMultiPlugins and LDAPUserFolder, so they
will be installed automatically.
For the record, it has been tested with these most recent versions::
Plone = 4.2.2
Products.LDAPMultiPlugins = 1.14
Products.LDAPUserFolder = 2.24
dataflake.fakeldap = 1.1
python-ldap = 2.4.10
Installation
============
First you need to install the python-ldap package. Once that has been
installed you need to add the Products.PloneLDAP egg to your Plone instance.
If you use buildout just add ``Products.PloneLDAP`` to the list of required
eggs. Otherwise you will need to use ``easy_install``. See the documentation
on plone.org for more information on installing third party packages.
**Do not install LDAPUserFolder from the Plone site setup screen. This
will break your Plone site.**
PloneLDAP provides PAS plugins that you can use to get your site talking to
LDAP or Active Directory. To install them go the acl_users folder in your
site. Select the right plugin from the dropdown menu in the top right: use
'Plone LDAP Plugin' if you want to connect to a standard LDAP server or
'Plone Active Directory Plugin' if you want to connect to a Microsoft Active
Directory server.
After selecting the plugin type you will see a screen where you need to
submit the configuration information. Consult your LDAP or AD administrator
if you are not sure what the correct information is.
After creating the plugin it has to be activated. To do this go to the
plugin in the ZMI and go to the 'navigate' tab, select all plugin types
and click on the 'Update' button.
As a final change you will need to reorder the plugin order. Reodering
can be done by clicking on the name of a plugin type, selecting a plugin
in the 'Active Plugins' list and using the up and down arrows to change
the ordering. The required ordering changes are:
* Properties: LDAP has to be the top plugin
* Group_Management: LDAP should be the top plugin if you want to
create groups in the LDAP database
* User_Adder: has to be the top plugin if you want new users to be
created in LDAP
* User_Management: LDAP has to be the top plugin
LDAP caveats
============
LDAPUserFolder
--------------
Inside the PloneLDAP PAS plugin you will see another acl_users user folder.
This is a ''LDAPUserFolder'' instance, which is used to manage the low-level
communication with the LDAP server. By updating its properties you can
reconfigure your LDAP connection.
The LDAPUserFolder instance is only used to communicate with the LDAP server.
Its user and group management facilities are not used. You can use it to
quickly test if your LDAP connection is correctly configured.
If you make any changes in users or groups through the LDAPUserFolder ZMI
interfaces these will be applied to the LDAP server but the caches used
by the PloneLDAP plugin will not be invalidated correctly. This may lead
to unexpected results and it is strongly recommended to only use the Plone
interface to update users and groups.
Credits
=======
Funding
CentrePoint_
Implementation
Simplon_, Wichert Akkerman
.. _Simplon: http://www.simplon.biz/
.. _CentrePoint: http://centrepoint.org.uk/
Copyright
=========
PloneLDAP is copyright 2007,2008 by Simplon_ and licensed under the Zope
Public License, version 2.1.
Changes
=======
1.2 (2012-11-30)
----------------
* Only the LDAP plugin implements IGroupManagement, not the
ActiveDirectory plugin. This is for adding, removing and editing
groups.
* Code moved to https://github.com/collective/Products.PloneLDAP
* Let only the LDAP multi plugin implement the IGroupCapability
interface (add a user to a group or remove a user from a group).
Previously the AD multi plugin claimed to implement this too, but it
lacked the required methods, so this could lead to tracebacks. We
could instead add those methods via the mixin class, but but this
gave other tracebacks (in removePrincipalFromGroup) when I tried it
in one AD setup.
* Fix setProperties to split value into lines if lines property
receives a string instead of an iterable.
* When creating an Active Directory plugin configure LDAPUserFolder
to ignore disabled or non-user accounts. This requires
Products.LDAPUserFolder 2.11 or later.
1.1 (2008-06-10)
----------------
* Switch license to ZPL.
* Depend on the Products.LDAPMultiPlugins and Products.LDAPUserFolder.
* Switch to egg-only releases from now on.
1.0
---
* Hide LDAPUserFolder from the list of Add-On Products since installing it
will kill your Plone site. Plone 3.0 only.
* Fix incorrect security declaration for doDeleteUser
1.0rc3
------
* Fix getGroupMembers to return user ids instead of login names for group
members. This broke group membership listing in environments where userid
and login name differ (for example AD environments). Thanks to Netcentric
for discovering this and helping me fix it.
* Add some protection against invalid (None) results of group related
searches.
* Add more information about the capabilities and caveats of LDAP use in Plone.
1.0rc2
------
* Improve the documentation.
* Add missing cache invalidation for role management and user deletion.
* Fix updating of single-valued member properties.
* Use a different method to get the containing LDAPUserFolder. This allows
use of PloneLDAP outside of a CMF site.
1.0rc1
------
* Fix setting of object classes when creating a new plugin instance.
* Fix member property sheets: RAM caching does not like it when you try
to store non-pickleable data.
Raw data
{
"_id": null,
"home_page": "https://github.com/collective/Products.PloneLDAP",
"name": "Products.PloneLDAP",
"maintainer": null,
"docs_url": null,
"requires_python": null,
"maintainer_email": null,
"keywords": "Zope CMF Plone LDAP authentication",
"author": "Wichert Akkerman - Simpon",
"author_email": "wichert@simplon.biz",
"download_url": "https://files.pythonhosted.org/packages/ec/06/1efbe89f273918a4e16a6531ac85de83f16c3a044e69dde68776ee6fc0e0/Products.PloneLDAP-1.2.zip",
"platform": "UNKNOWN",
"description": "Introduction\n============\nThe PloneLDAP product is intended to make it easier to use LDAP connections in\na Plone website. It builds upon the excellent LDAPMultiPlugins_ and\nLDAPUserFolder_ products which provide the basic LDAP infrastructure. \n\nFor Plone 3.3 or higher, we recommend using `plone.app.ldap`_ for\nhaving a nicer user interface for using LDAP with Plone. This uses\n``PloneLDAP``.\n\n.. _`plone.app.ldap`: http://pypi.python.org/pypi/plone.app.ldap\n\nThe extra functionality provided by this product require features\nbeyond that are not part of the standard Pluggable Authentication Service,\nwhich is why they are not included in LDAPMultiPlugins.\n\n.. _LDAPMultiPlugins: http://www.dataflake.org/software/ldapmultiplugins\n.. _LDAPUserFolder: http://www.dataflake.org/software/ldapuserfolder\n\nPloneLDAP integrates LDAP fully into your Plone site:\n\n* users in an LDAP database can be used as normal users in Plone. You\n can search for them, assign roles to them, create them and remove them.\n\n* groups in an LDAP database can be used as normal groups in Plone. You\n can view them, manage group members, create new groups and remove them.\n LDAP groups can only have LDAP users as members. LDAP users can be\n group members of non-LDAP groups.\n\n* member properties for LDAP users need not be stored completely in the\n LDAP database: you can mix LDAP and ZODB-stored properties.\n\n\nActive Directory\n================\n\nPlease note that if you are using Active Directory (AD) all access is\nread-only. For example, you cannot add AD users to AD groups.\n\n\nRequirements\n============\n\n* Plone 3.0 or later\n* python-ldap_\n* LDAPUserFolder 2.8 or later\n* LDAPMultiPlugins 1.5 or later\n\n.. _python-ldap: http://python-ldap.sourceforge.net/\n\nProducts.PloneLDAP depends on LDAPMultiPlugins and LDAPUserFolder, so they\nwill be installed automatically.\n\nFor the record, it has been tested with these most recent versions::\n\n Plone = 4.2.2\n Products.LDAPMultiPlugins = 1.14\n Products.LDAPUserFolder = 2.24\n dataflake.fakeldap = 1.1\n python-ldap = 2.4.10\n\n\nInstallation\n============\n\nFirst you need to install the python-ldap package. Once that has been\ninstalled you need to add the Products.PloneLDAP egg to your Plone instance.\nIf you use buildout just add ``Products.PloneLDAP`` to the list of required\neggs. Otherwise you will need to use ``easy_install``. See the documentation\non plone.org for more information on installing third party packages.\n\n **Do not install LDAPUserFolder from the Plone site setup screen. This\n will break your Plone site.**\n\nPloneLDAP provides PAS plugins that you can use to get your site talking to\nLDAP or Active Directory. To install them go the acl_users folder in your\nsite. Select the right plugin from the dropdown menu in the top right: use\n'Plone LDAP Plugin' if you want to connect to a standard LDAP server or\n'Plone Active Directory Plugin' if you want to connect to a Microsoft Active\nDirectory server. \n\nAfter selecting the plugin type you will see a screen where you need to\nsubmit the configuration information. Consult your LDAP or AD administrator\nif you are not sure what the correct information is.\n\nAfter creating the plugin it has to be activated. To do this go to the\nplugin in the ZMI and go to the 'navigate' tab, select all plugin types\nand click on the 'Update' button.\n\nAs a final change you will need to reorder the plugin order. Reodering\ncan be done by clicking on the name of a plugin type, selecting a plugin\nin the 'Active Plugins' list and using the up and down arrows to change\nthe ordering. The required ordering changes are:\n\n* Properties: LDAP has to be the top plugin\n* Group_Management: LDAP should be the top plugin if you want to\n create groups in the LDAP database\n* User_Adder: has to be the top plugin if you want new users to be\n created in LDAP\n* User_Management: LDAP has to be the top plugin\n\n\nLDAP caveats\n============\n\nLDAPUserFolder\n--------------\nInside the PloneLDAP PAS plugin you will see another acl_users user folder.\nThis is a ''LDAPUserFolder'' instance, which is used to manage the low-level\ncommunication with the LDAP server. By updating its properties you can\nreconfigure your LDAP connection.\n\nThe LDAPUserFolder instance is only used to communicate with the LDAP server.\nIts user and group management facilities are not used. You can use it to\nquickly test if your LDAP connection is correctly configured.\n\nIf you make any changes in users or groups through the LDAPUserFolder ZMI\ninterfaces these will be applied to the LDAP server but the caches used\nby the PloneLDAP plugin will not be invalidated correctly. This may lead\nto unexpected results and it is strongly recommended to only use the Plone\ninterface to update users and groups.\n\n\nCredits\n=======\n\nFunding\n CentrePoint_\n\nImplementation\n Simplon_, Wichert Akkerman\n \n\n.. _Simplon: http://www.simplon.biz/\n.. _CentrePoint: http://centrepoint.org.uk/\n\n\nCopyright\n=========\n\nPloneLDAP is copyright 2007,2008 by Simplon_ and licensed under the Zope\nPublic License, version 2.1.\n\nChanges\n=======\n\n1.2 (2012-11-30)\n----------------\n\n* Only the LDAP plugin implements IGroupManagement, not the\n ActiveDirectory plugin. This is for adding, removing and editing\n groups.\n\n* Code moved to https://github.com/collective/Products.PloneLDAP\n\n* Let only the LDAP multi plugin implement the IGroupCapability\n interface (add a user to a group or remove a user from a group).\n Previously the AD multi plugin claimed to implement this too, but it\n lacked the required methods, so this could lead to tracebacks. We\n could instead add those methods via the mixin class, but but this\n gave other tracebacks (in removePrincipalFromGroup) when I tried it\n in one AD setup.\n\n* Fix setProperties to split value into lines if lines property\n receives a string instead of an iterable.\n\n* When creating an Active Directory plugin configure LDAPUserFolder\n to ignore disabled or non-user accounts. This requires \n Products.LDAPUserFolder 2.11 or later.\n\n\n1.1 (2008-06-10)\n----------------\n\n* Switch license to ZPL.\n\n* Depend on the Products.LDAPMultiPlugins and Products.LDAPUserFolder.\n\n* Switch to egg-only releases from now on.\n\n\n1.0\n---\n\n* Hide LDAPUserFolder from the list of Add-On Products since installing it\n will kill your Plone site. Plone 3.0 only.\n\n* Fix incorrect security declaration for doDeleteUser\n\n\n1.0rc3\n------\n\n* Fix getGroupMembers to return user ids instead of login names for group\n members. This broke group membership listing in environments where userid\n and login name differ (for example AD environments). Thanks to Netcentric\n for discovering this and helping me fix it.\n\n* Add some protection against invalid (None) results of group related\n searches. \n\n* Add more information about the capabilities and caveats of LDAP use in Plone.\n\n\n1.0rc2\n------\n\n* Improve the documentation.\n\n* Add missing cache invalidation for role management and user deletion.\n\n* Fix updating of single-valued member properties.\n\n* Use a different method to get the containing LDAPUserFolder. This allows\n use of PloneLDAP outside of a CMF site.\n\n\n1.0rc1\n------\n\n* Fix setting of object classes when creating a new plugin instance.\n\n* Fix member property sheets: RAM caching does not like it when you try \n to store non-pickleable data.",
"bugtrack_url": null,
"license": "Zope Public License 2.1",
"summary": "LDAP/Active Directory support for Plone",
"version": "1.2",
"project_urls": {
"Download": "UNKNOWN",
"Homepage": "https://github.com/collective/Products.PloneLDAP"
},
"split_keywords": [
"zope",
"cmf",
"plone",
"ldap",
"authentication"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "ec061efbe89f273918a4e16a6531ac85de83f16c3a044e69dde68776ee6fc0e0",
"md5": "46caa70e6676e7b4665deb0e20452d97",
"sha256": "7cddeb9275e95b81cb8c77aab9ed3b6c7f81fe92cb6894b19a7f1d5fcf849939"
},
"downloads": -1,
"filename": "Products.PloneLDAP-1.2.zip",
"has_sig": false,
"md5_digest": "46caa70e6676e7b4665deb0e20452d97",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 40930,
"upload_time": "2012-11-30T14:26:11",
"upload_time_iso_8601": "2012-11-30T14:26:11.352917Z",
"url": "https://files.pythonhosted.org/packages/ec/06/1efbe89f273918a4e16a6531ac85de83f16c3a044e69dde68776ee6fc0e0/Products.PloneLDAP-1.2.zip",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2012-11-30 14:26:11",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "collective",
"github_project": "Products.PloneLDAP",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"lcname": "products.ploneldap"
}
JSON
