LDAP control panel for Plone
.. image:: https://travis-ci.org/plone/plone.app.ldap.svg?branch=master
:target: https://travis-ci.org/plone/plone.app.ldap
.. image:: https://coveralls.io/repos/github/plone/plone.app.ldap/badge.svg?branch=master
:target: https://coveralls.io/github/plone/plone.app.ldap?branch=master
Overview
plone.app.ldap provides a user interface in a Plone site to manage
LDAP and Active Directory servers.
This package succeeds the simplon.plone.ldap package.
It builds on the functionality provided by LDAPMultiPlugins_, LDAPUserFolder_
and PloneLDAP_.
Active Directory
Active Directory provides an LDAP interface to its data. Using this interface
Plone can use both users and groups from an Active Directory system. Writing
to Active Directory is not supported.
With Active Directory you can use two different properties as login name:
userPrincipalName
and sAMAccountName
. sAMAccountName
is the plain
account name without any domain information and is only unique within a single
domain. If your environment only uses a single AD domain this option is the
best choice. For environments with multiple names the userPrincipalName
attribute can be used since this includes both account name and domain
information.
Since Plone does not support binary user ids it is not possible to use the
objectGUID
attribute as user ids. Instead you can use either
sAMAccountName
or userPrincipalName
. The same criteria for choosing a
login name also apply to selecting the user id attribute.
Newer versions of Active Directory may also work using the standard LDAP
plugin, which supports limited writing to AD, including modifying group
memberships. If your group objects have member
attributes containing the
user's full DN, the standard LDAP plugin should work for you. Note that this
will not support nested groups.
Standard LDAP
LDAP directory servers are fully supported. LDAP users and groups are usable
as standard Plone users and groups can be me managed normally. Creating and
deleting users and groups is supported.
Installing
This package works with Plone 3 and Plone 4. Plone 3 and Plone 4.0
users should install a version in the 1.2.* series
(e.g. plone.app.ldap < 1.3, the latest current release is 1.3.2), as
release 1.3 will only work with Plone 4.1 or higher.
This package depends on python-ldap
. In order to build it correctly you
need to have some development libraries included in your system. On a typical
Debian-based installation use::
sudo apt-get install python-dev libldap2-dev libsasl2-dev libssl-dev
Once the package is installed, it will be available as an add-on named
"LDAP support", and this add-on can be activated in a Plone instance
using the Add-ons section of the Plone Control Panel. Be careful, as this
package also currently installs LDAPUserFolder as a dependency, which makes
the add-on "LDAPUserFolder CMF Tools" available. Do not install this add-on!
It will replace the portal_membership tool and make your Plone site
unusable.
Install without buildout
First you need to install this package in the python path for your
Zope instance. This can be done by installing it in either your system
path packages (usually with ``pip`` or ``easy_install``) or in the
lib/python directory in your Zope instance.
After installing the package it needs to be registered in your Zope instance.
This can be done by putting a plone.app.ldap-configure.zcml file in the
etc/pakage-includes directory with this content::
<include package="plone.app.ldap" />
or, alternatively, you can add that line to the configure.zcml in a
package or Product that is already registered.
Installing with buildout
If you are using buildout
_ to manage your instance installing plone.app.ldap
is even simpler. You can install it by adding it to the eggs line for your
zope instance::
[instance]
eggs =
...
plone.app.ldap
.. _buildout: http://pypi.python.org/pypi/zc.buildout
Installing the development version
To specify the current development version you may use::
[buildout]
find-links =
...
http://github.com/plone/plone.app.ldap/tarball/master#egg=plone.app.ldap-dev
[instance]
eggs =
...
plone.app.ldap==dev
With ``pip`` that would be this::
pip install -f http://github.com/plone/plone.app.ldap/tarball/master#egg=plone.app.ldap-dev plone.app.ldap==dev
With ``easy_install``::
easy_install -f http://github.com/plone/plone.app.ldap/tarball/master#egg=plone.app.ldap-dev plone.app.ldap==dev
Copyright and credits
---------------------
Copyright
plone.app.ldap is Copyright 2007, 2008 by the Plone Foundation.
Simplon_ donated the simplon.plone.ldap code to the Plone Foundation.
Credits
Wichert Akkerman <wichert@simplon.biz>
Funding
CentrePoint_
.. _simplon: http://www.simplon.biz/
.. _python-ldap: http://python-ldap.sourceforge.net/
.. _LDAPUserFolder: http://www.dataflake.org/software/ldapuserfolder/
.. _LDAPMultiPlugins: http://www.dataflake.org/software/ldapmultiplugins/
.. _PloneLDAP: http://plone.org/products/ploneldap/
.. _CentrePoint: http://centrepoint.org.uk/
Changelog
=========
1.4.4 (2019-09-19)
------------------
Breaking changes:
- *add item here*
New features:
- *add item here*
Bug fixes:
- Added uninstall profile.
This requires Products.GenericSetup 1.8.2+,
(available by default in Plone 4.3.8+ and 5.0.3+).
[maurits]
- Added dependencies so Plone 5 can start.
Removed the Plone 5 classifiers, because there is a test failure,
and it can't have worked before. [maurits]
1.4.3 (2018-04-08)
------------------
Bug fixes:
- Require in the setup.py Products.CMFDefault
[ale-rt]
1.4.2 (2017-11-26)
------------------
Bug fixes:
- Imports are Python3 compatible
[ale-rt]
1.4.1 (2017-08-27)
------------------
Bug fixes:
- Add coding header on python files.
[gforcada]
- Remove deprecated __of__ calls on BrowserViews
[MrTango]
1.4.0 (2016-08-19)
------------------
New:
- Dropped support for Plone 4.1.
[hvelarde]
- Added some more fields to portal_setup import/export, including
extra_user_filter, group mappings, and plugin type (AD/non-AD).
[adaugherity]
Fixes:
- Fix Travis CI build by pinning ``coverage`` and by ensuring different
Plone versions are actually tested.
[davidjb]
- Added ``metadata.xml`` to profile, plus empty upgrade step, so the
add-ons control panel does not complain that we have no upgrade
procedure.
[maurits]
- Fixed plugin activation for AD; correctly add mandatory schema items; activate
group management plugin for non-AD (to allow modifying group memberships via
Plone).
[adaugherity]
- Properly store settings made via control panel so that the control panel,
ZMI, and portal_setup export all show the same data.
[adaugherity]
- Miscellaneous minor bugfixes and documentation improvements.
[adaugherity]
- Use zope.interface decorator.
[gforcada]
1.3.2 (2015-03-02)
------------------
- Fix GS import : _user_objclasses and _roles should not be imported as unicode strings
[gotcha]
- Update package dependencies.
[hvelarde]
- Update installation documentation.
[hvelarde]
1.3.1 (2013-10-01)
------------------
- Use ``.png`` file, not ``.gif``. Fixes ``KeyError:
confirm_icon.gif`` from
https://github.com/plone/plone.app.ldap/issues/11
[maurits]
1.3.0 (2012-09-28)
------------------
- Add Plone 4.3 compatibility, and break compatibility with Plone 4.0
and Plone 3, by not importing from zope.app anymore.
[maurits]
- Fix the exporter as GS 1.7 and higher now explicitly only
understands strings. Still works for older GS too.
[sneridagh]
1.2.8 (2012-03-02)
------------------
- Added a z3c.autoinclude entry point to mark this as a Plone add-on.
[WouterVH]
1.2.7 (2011-10-19)
------------------
- Expose the 'Read Only' attribute of LDAP plugins for modification with
plone.app.ldap (http://dev.plone.org/ticket/12292)
[kteague]
- Fix bug where changes to the Default User Roles option were being
discarded (http://dev.plone.org/ticket/12293)
[kteague]
1.2.6 (2011-07-17)
------------------
- Add Plone 4.1 compatibility when importing IVocabularyFactory.
[fvandijk]
- Include Products.CMFCore for Plone 4.1 compatibility.
[WouterVH]
1.2.5 (2011-05-02)
------------------
- Added import-support for activated interfaces, user_default_roles
and password_encryption [awello]
- Update imports for zope.formlib bump in Plone 4.1
[eleddy]
- Update GS import to support plugin id, and update parameter
[eleddy]
- Update GS import to read interfaces config for AD plugins,
apply cache parameter
[eleddy]
1.2.4 (2010-12-07)
------------------
- Fix bug where generic setup exports were exporting boolean values
as type int.
[kteague]
- Fix bug where generic setup imports weren't choosing names correctly.
[kteague]
1.2.3 (2010-10-07)
------------------
- Fix: Login Name, User ID and RDN attributes were not set correctly on creation.
[elro]
1.2.2 (2010-08-18)
------------------
- LDAPProperty fields can now be marked as a Binary property.
[kteague]
- Ability to import/export an LDAP configuration using generic setup.
This feature is the same as the one provided by collective.genericsetup.ldap
and exports made with that product can be imported into plone.app.ldap.
During import all existing servers, general settings and schema
will be overwritten from config file - but no interfaces or cache
settings are changed.
[kteague]
- Removed locales directory. You can translate this package
in the plone.app.locales package now.
[vincentfretin]
- Cleaned templates to work with cmf.pt
[pilz]
1.2.1 (2010-04-19)
------------------
- Fallback to Plone 3 compatible imports. Fix display of cache tab in Plone 3.
[kteague]
1.2 (2010-03-25)
----------------
- Added a tab for display and modifying the cache settings.
[kteague]
- Send out notification events for all object additions/modifications/removals
so that configuration always gets propogated to the LDAPUserFolder object.
[kteague]
- Changed the base class for LDAPConfiguration so that it gets properly
rooted in the site (otherwise LDAPConfiguration.__parent__ goes into
an infinite loop, pointing to a fresh PersistenComponents instance who's
parent is in turn LDAPConfiguration).
[kteague]
- Updated the HTML to wrap all control panel forms in a form tag so that
tabs are properly displayed in Plone 4.
[kteague]
- Fixed i18n domain changes from Vincent. The message factory was defined in
the wrong ``__init__.py``.
[hannosch]
- Changed i18n domain from plone to plone.app.ldap.
Registered locales directory.
[vincentfretin]
1.1 (2008-08-16)
----------------
- Fix ldap schema config for Active Directory
[elro]
simplon.plone.ldap - 1.0
------------------------
- Initial package structure.
[zopeskel]