The LDAPMultiPlugins provides PluggableAuthService plugins that use LDAP as
the backend for the services they provide. The PluggableAuthService is a
Zope user folder product that can be extended in modular fashion using
Properties of the ADMultiPlugin instance:
- groupid_attr - the LDAP attribute used for group ids.
- grouptitle_attr - the LDAP attribute used to compose group titles.
- group_class - the LDAP class of group objects.
- group_recurse - boolean indicating whether to determine group
memberships of a user by unrolling nested group relationships
(expensive). This feature is not guaranteed to work at this moment.
In order for groups support to work correctly, you may have to set the
following properties. Every situation is different, but this has helped
some people succeed:
- On the “Properties” tab for the ActiveDirectoryMultiPlugin, set the
groupid_attr property to “name”.
- On the contained LDAPUserFolder’s “Configure” tab, choose a
property other than “objectGUID”, e.g. “sAMAccountName” for the
User ID property. To get to the LDAPUserFolder, click on the
ActiveDirectoryMultiPlugin “Content” tab.
Please see README.ActiveDirectory from the LDAPUserFolder package for
To see earlier changes please see HISTORY.txt.
- Bug: When a user could not be authenticated, the plugins
would incorrectly return a tuple (None, None) instead
of just None as specified in the PAS IAuthenticationPlugin
- Bug: Demangling user prefix could not deal with non-string user
ids, which may appear in certain cases.
- Feature: Added some Sphinx documentation (backport from trunk)
- Reorganisation: Move documentation text files around to conform
to the zope.org repository policy on package layout.
- Bug: Added GenericSetup magic to fully provide the INode interface
for the exporter and importer classes, making it easier to nest
within other importers.
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.