Zope 2 PAS Plugin providing groups from LDAP directory
This PAS plugin let you connect to some LDAP-Server. We’ve tested it with OpenLDAP, Apples OpenDirectory and Microsoft Active Directory.
Groups are read-only, so you cant add new groups from Plone into LDAP. This may be added optional in future.
You dont need any mapping like in LDAPMultiPlugins. It just take all groups from the DN you search in. You can use PASGroupsFromLDAP together with LDAPMultiPlugins. But ensure to disable all group related plugins of LDAPMultiPlugins.
PASGroupsFromLDAP is a multi-plugin supporting the interfaces:
- IGroupsPlugin (from PluggableAuthService, short PAS)
- IGroupEnumerationPlugin (from PAS)
- IGroupIntrospection (from PlonePAS)
- IPropertiesPlugin (from PAS)
Latest release or subversion needs those steps:
- make sure you have python-ldap installed, for example on Debian based OS sudo apt-get install python-ldap or include it into your buildout.
- using buildout, add Products.PASGroupsFromLDAP to the eggs sections of your zope instance.
- portal_setup or quickinstaller and install it.
- in ZMI YOURPLONE/acl_users/groups_from_ldap/manage you can change LDAP settings
- go to the IPropertiesPlugin configuration and make sure groups_from_ldap is on the top.
Update from oldschool product to egg:
In case you need to upgrade an zope instance using an old, non-eggified version, of this module you need to fix your zope like so:
Start zope in debug mode:
>>> app['Control_Panel']['Products'].manage_delObjects(['PASGroupsFromLDAP']) >>> import transaction() >>> transaction.commit()
Delete PASGroupsFromLDAP plugin from you acl_users.
Re-create the plugin.
- Cleanup adding / editing of the plugin.
- Do not add a default groups_from_ldap object due setuphandler
- Added a configureable property that points on the user attribute to be matched for group lookups (gogo).
- require version of bda.ldap with configure.zcml and include configure.zcml (ldr)
- Fix the sometimes weird adding and edit mechanisms (rnix - 2009-03-10).
- Write ZMI add form for plugin. Nobody missed it yet?? (rnix - 2009-03-10)
- Document update procedure (rnix - 2009-03-10)
- set p_changed True after managing configuration. This bug was never detected since the LDAP Session itself was previously persisted in the plugin. (rnix - 2009-02-16)
- Fix ldap property on plugin object due to changes in bda.ldap. (rnix - 2009-02-10)
- 1.1 and before
- Initial work.